PrivacyAnt

Helping companies to build trust and loyalty while respecting privacy

Providing privacy - A core value of a developed society. A sign of organizational quality.

We see that the right to privacy is a fundamental human right. A person cannot fully be an individual without privacy. Lack of privacy, on the other hand, is like corruption and pollution that damages the society and environment. When there is privacy, there is trust and individuality, which also spurs innovation, when people have more space to be themselves, and thus, can flourish for the benefit of themselves and others. For organizations, we believe that privacy is about trust. An organization that can protect people's data and manage privacy, shows that it is responsible and can deliver quality in its products and services.

It all began in our own work - Simplifying the complexity of personal data processing by visualizing with data-flow maps

Our story dates back to 2014 when some of us were working in Finnish gaming companies. To understand how those mobile games actually worked, we ended up in our data protection work drawing with pen and paper a whole wall full of games’ data-flows. That’s how an idea started to form in our heads of a software tool that visualizes data-flows and identifies automatically applicable legal requirements across the globe.

Few organizations handle data protection well, because controlling data is complex

Now, years after the GDPR has been applicable and CCPA enforcement looming ahead, we see that the root problem in data protection work has been shallow understanding of the interplay between business, ICT, and legal requirements.

We have observed that there is still a lack of data controller oversight about the network of systems, databases, and partner organizations into which personal data flows to. That leads easily to the loss of control of the ’data controller’ (Sidenote: Doesn’t even the term ’data controller’ imply that there should be control over data). One reason for this is perhaps that the data protection as a major service industry is still relatively young.

Data protection and privacy impact assessments (DPIA / PIA) - measuring quality of your products, services, and processes

A specifically hard problem has been that data protection and privacy impact assessments (PIAs and DPIAs) on products and services are often conducted from too narrow and thus flawed perspective. Thus, true high quality products and services in terms of data protection and privacy are still at the moment rare on the market. Consumers have hard time finding high quality products in terms of data protection.

We want to change this! We want to see products, services and workplaces that are of high quality in terms of data protection and privacy!

Visualizing makes privacy approachable to your staff and reveals hidden privacy risks

To tackle to root problem of privacy work described earlier, we designed our tool so that it forces a process to conduct DPIAs or PIAs to a company’s products, services and processes by drawing a data-flow map of the processing. As the team participating in the PIA process is identifying systems, organizations, countries, and personal data in the data-flow map, the produced data-flow map simultaneously triggers automatic ’controls’ that detect legally significant requirements to be documented, as if a privacy lawyer was in the room looking the assessment process over the shoulders of the PIA project team.

The beauty of this approach is that it pushes people to see and think all aspects impacting on privacy, and once all company’s products, services and processes are described and assessed, the company has a full view of the company’s privacy risk status. Consequently, the content for the Record of Processing Activities -report is formed by itself, increasing an organization’s readiness to demonstrate accountability.

Compliance forms alone are not enough, you need to understand connections to nail it in privacy

This approach of starting from data-flow maps differs completely from the vast majority of data protection and privacy software tools currently on the market, as the most common approach is to have a series of compliance question forms to be documented.

While for some lawyers the approach of assessing data protection compliance by addressing a question after question might feel suitable, the core of the problem remains unaccounted for, if the basic building blocks forming the personal data processing are not detected.

For this very problem, visualization with data-flow maps and systematizing via software automation the detection of applicable legal and policy requirements seems like the a working method to achieve truly comprehensive and in-depth DPIAs / PIAs. Thus, when this method is applied, it unveils many privacy risks to data controllers that way to often remain hidden, and ending up in giving an inaccurate view of an organization’s privacy risk status.

Well handled privacy is a success factor for businesses, and builds well-being in societies in the 2020's

All in all, data protection and privacy are not only good and ethical business. Societal aspects of privacy are also critically important. For that reason too, it is of high importance that organizations’ are adopting truly effective methods to assess privacy impacts accurately. In the end, it will have a critical role how companies and products are developed, and how our societies will evolve in terms of protecting individual rights and democracies in the years and decades ahead.

logo pop pankki logo nitro logo aller logo finnkino logo save the children logo alma media logo ksf media logo seriously
Contact information

Salesprivacyant.com

PrivacyAnt | Franzéninkatu 21 A | 00500 Helsinki, Finland

Meet the team

Heikki Tolvanen
Heikki Tolvanen

Chief Legal Engineer

+358 45 631 0585

heikki.tolvanenprivacyant.com

Pekka Lampelto
Pekka Lampelto

CEO

pekka.lampeltoprivacyant.com

Jane Tahvanainen
Jane Tahvanainen

COO

jane.tahvanainenprivacyant.com

Tech team

CTO + developers

Eija Warma-Lehtinen
Eija Warma-Lehtinen

Chairman of the Board

Hanna Sievinen
Hanna Sievinen

Board member

Leena Kuusniemi
Leena Kuusniemi

Advisor

Matti Sillanpää
Matti Sillanpää

Advisor