Blog. Do you want to know, if a service sits on your personal data and what it does with it? With one click you can ask more than 60 of the bigger companies instead of writing them one by one. A Swiss startup is building its service on top of GDPR.
Since May 25th this year OneThingLess.com has offered a free service: Securely sign up via your app and ask companies, if they sit on your data connected to your email address. It doesn’t ask for your data, only if the service sit on data, and if yes, how they use it. The very same day, the new European data protection regulation, GDPR, was enforced.
“Law firms love us. Some companies on our list not necessarily,” says James Aschberger, founder and CEO of One.Thing.Less AG based in Switzerland. He explains that some companies hesitated to answer. “Swiss Air Lines wants a hand-signed authorisation and a copy of an official photo ID. The Swiss Federal Data Protection and Information Commissioner states that this is not necessary. Ryanair also wants a photo ID. But why should people give them that if these companies do not verify the identity when they obtain their personal data?”
One.Thing.Less had Ernst & Young audit all of its services, organization, controls and processes, so the companies can be assured and reply to the more than now 20.000 requests.
If a requested company does not reply within 30 days, then users can issue a friendly reminder and the system keeps log files to document if and when companies reply. If a company replies via the platform, the user gets a notification. If not:
“With a timestamp we can help people prove that they issued a proper information request and didn’t get an answer and thus the company is not in compliance with GDPR requirements. With this documentation, authorities have the possibility to investigate potentially systematic non-compliance,” says Aschberger.
As One.Thing.Less does not help people ask for a copy of their data, the startup is not sitting on interesting personal data and less of a lucrative target for hackers.
Aschberger expects to make money with the businesses by providing software, an interface, to efficiently respond to users on their data requests.
“Our drive is to empower the individual to know how their personal data is being used,” he says. “We are not doing this to make it painful for businesses. We do it to empower digital trust and comply with GDPR. And with time, we might be able to create a relevant global standard for information and data disclosure,” he says.
If you delete your account with One.Thing.Less, your data is either deleted or completely anonymized, as verified by the Ernst & Young attestation.