KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Perfect. Thank you very much. Yeah. I hope everyone can see my screen. Okay. Maybe just a few words about myself, as I really mentioned, I'm elite solutions, engineer one trust, meaning I, I focus very much on data privacy, but I've also done extensive research on the topics of data, privacy, sorry, data ethics, post GDPR, how companies see this, how companies implement this. So it's really a topic that's very close to my heart. I'm very enthusiastic about myself, quick agenda for us for this evening.
So first of all, just a quick overview of who is one trust and why can we, why do we have the expertise to talk about these topics? Then just a few words. As I mentioned about building and implementing an ethical foundation, what is data ethics? How can we use it? How can we implement that in our, our organization? Then we're going to have a quick look at whistleblowing because there's a very good use case for, for day two ethics for ethics in general. And it's also very relevant with the new legislation coming from the European union this year, and then last but release.
We're going to do some Q and a in case there are any questions from the audience. I said, who's one trust. Why can we, and why can I talk about this? So one trust is an organization software company that produces software for privacy, security and governance. We focus on all the, all the data privacy legislations out there, as well as frameworks like ISO standards, etcetera. We've got over 7,000 customers all across the globe. We've got thousand 500 employees and we are literally everywhere in the world.
So we are, COHA called Atlanta and London. We've got our Munich office in Germany and we've got other offices in America, in APAC and in Europe as well. We are the only vendor actually as analyzed by cooking a coal last year who earned the highest designation of strong, positive across all nine categories in, in the Analyst or in, in the analysis that did on privacy software.
So very, we are very proud to have that kind of acknowledgement as well, and be acknowledged as a leader in this space, just to give you a quick idea of, of what kind of, what does our software do? What can companies do that?
So, first of all, we try to help companies to actually know their data. So to discover what sort of data they have in the organization, how to classify their data, what is personal data? What does other data? And then we also help companies to actually know their laws. So what laws apply to those data? What can I do that? What can I not do with this data? All of this is powered by Athena, our AI and robotic automation engine that analyzes the whole software. And that helps our customers to be even more efficient and effective with their privacy, security and governance programs.
We have solutions for privacy. This is really where we've come from, but we also have solutions for data governance. As I mentioned, trying to figure out what sort of data do you have in your organization, GLC, everything that is governance, risk and compliance, one trusts, preference, choice, everything that brings marketing and data privacy together. Also very important when we talk about trust and how can we build trust with consumers in the market, one trust, vendor, PD, everything for third party due diligence.
Also very important when we think about ethics, because obviously we don't want to work with companies that don't need our own standards as an organization. And then of course, we also have solutions for ethics where you can do things like whistleblowing, hotlines, whistle, blowing, intake, forms, all those sort of things can be covered by our software as well. That just a quick introduction. And now we actually going to dive into the topic and we're going to look at building an ethical foundation. So how can we actually do that in our organization?
So, first of all, maybe a question, what is ethics? What does ethics really mean? And it's oftentimes a very difficult definition, I think. And I think many people so struggle with defining ethics because in the end, ethics means doing the right thing. But what is the right thing? The right thing can mean very, very different things in different countries and different cultures. And it's very hard to, to find out what this actually means for us in our organization. What do we define as the right thing?
And it also means that we don't just do the right thing when I know there's the spotlight on the camera and people are watching, but it means doing that even when no one is watching and even doing it, if it costs you more money, because in the end it is the right thing to do. And there's no other way of, of yeah. Actually doing it. What is data ethics in that context? So data ethics obviously is, is yeah, the, the ethics of data. So how can we use data ethically? How can we collect data ethically? How can we, how can we process data ethically?
And one very important part of this is data governance, meaning what does this strategy for our data? How do we, how do we collect data? How do we process it?
How do we, how do you control it across the organization? Also, how, how do we want to do that in the future? The next block here on our slide, the preferability testing. So we want to make sure that all the processes that we have in place and our organization are not just acceptable, but that they're preferable. So what is good for your user can also be great for your organization. And we want to make sure that every process that we have in the organization needs that criteria.
And then also it's very important to, to have auditing in place, to have independent audits that are included in all of our workflows to make sure that they, that we mitigate risks and that we meet requirements both internally and externally. Of course, all of this is also important that as an organization we think about, okay, what sort of ethical approach do we want to take? Because there's two major schools of thought basically when we look at ethics. So there's one approach that says, okay, we look at the action itself. We don't really look at the outcome.
We only look at the action itself and we want to make sure that the action itself is good, whatever good might mean. And then there's another school of thought, which kind of takes backward approach and says, okay, we don't really care what the action, but we want to make sure that the end result is good. And that's one of the kind of fundamental decisions that company needs to do, needs to take when you, or they want to implement a data ethics framework as well. How can we actually implement such a framework?
So how, how does the implementation work? How can we make sure that this is successful as well?
So, first of all, as I said, we have to choose our ethic standpoint. So what, what's our, our approach? How are we going to, to treat dilemmas? How are we going to make decisions in the case of dilemma? What are we going to base this on? So we have to make that decision. Now we have to stick to it. We can't just halfway through decide, oh, wait, let's do it differently. Cuz that will have very, very fundamental impact on, on our whole approach. The next step is to anchor all of this in the organization.
So we need to anchor the organization itself and all of the projects that we do within the organization into this ethic of framework. And we also need to make sure that obviously our employees know how to do this. They know why we are doing this, why we may changing processes. Why are we rethinking approaches that we have taken as a company? Why are things that maybe have been okay and have been acceptable for the past 10 years? And I was suddenly not okay anymore within the organization. So we need to make sure that we really look at all the processes.
We need to look at everything that we do in the organization and decide, do we have to change it? Can we keep it? And we have to anchor our ethical framework into that organization, into those processes, understanding very important part. And I think you could maybe argue that this should come almost at the first step together with the choosing of your framework because it's something that should happen very early on as well, because obviously ethics is always related to the law. So I think there's a very famous quote that says ethics comes before during and after the law.
And I think it's a very good code actually, because it really shows that ethics are kind of all around the law, but we need to understand this call. We need to understand the law and the legal obligations that we are under as an organization to be able to then apply ethics, to go above and beyond the law law. So to speak so very important to have that understanding and also to be aware of any changes that might happen around us.
And that might happen to the legislation that we fall under as an organization, next step education as always with everything that's new with every kind of framework that we build into an organization, we need to educate our staff on appropriate an ethical data usage. So obviously we're talking about an ethical data framework in this context, but really this would apply to any sort of ethical approach that you might want to take in an organization. There are so many like small areas of ethics or areas within the business where you can apply ethics.
It doesn't just have to be data obviously, but data is a very good point to look at because data is becoming so, so important for organizations that as well, but it's very to educate staff and to also educate the staff on the importance of this, why is this important? Why are we taking the step and how, how can they make decisions phase a dilemma at any point? How can they apply the ethical framework that you are, you are defining for the organization to, to react to that dilemma and yeah, and make that decision managing again, managing risk is always important.
Same for an ethical data framework, manage your internal risks. You ask to external risks and just make sure that everything's documented. Everything is under control and being looked after. And my last button least built brand confidence and audience through audience trust. So through transparency, I think this is a very, very important point because it's also very well.
I don't wanna call it slippery, slow, but it's a very thin line between greenwashing between like pretending that you are an ethical organization between pretending that you care about certain issues, maybe that, that the world is facing cetera. But then if, if someone would had taken closer, look at the organization, the organization is not really acting that way. So it's very important to be careful about how you communicate to the outside world, what you communicate to not get into that position where you're actually greenwashing or ethic washing what you're doing and yeah.
Coming out worse than, than before and not better, which is obviously what organizations want when building confidence and trust through transparency, let's move over to whistleblowing. So whistleblowing is something that I at least that's has always been my impression that in Germany's always been a bit, I don't know, not very, not very popular, not very famous. It's more something that we've maybe heard coming from the us from the UK. And I think it is fair to say that the current climate for whistle blows in the U is not great.
So there, it's just very, very, very, very few countries that have implemented anything. Most industry standards do not really encourage or provide equal safeguards for individuals who are coming forward. The whistleblower protection is very fragmented geographically. So only 10 countries have actually implemented comprehensive law in that context. So it's very difficult for whistleblower to, to find out what the situation is for them. And then also the protection is very limited to certain sectors.
So not everyone is being protected, which again makes it very, very difficult for whistleblower to actually get or build up the courage to then come forward in case they have witnessed anything that is not right, that is putting very good at risk. So that's why I really think something needs to change. And that's exactly what's what's happening now. So with the EU whistle loan directive, we are going to see a lot of change for organization when it comes to organizations when it comes to whistleblower. So there's new profiles that are protected under the directive. So it's not just employees.
There's also former employees. There's journalists, there's anyone who supports whistleblowers in that case.
So the, the protectors much, much wider than just the, the person who is the actual whistleblower or the employee of an organization who has witnessed something that's, that's not right. There's also wider and more equal scope of protection. So as I said, there's more cases that are covered. More things are considered as whistle blowing. So way more is way wider. And as I said is also, it is been widened to almost every industry and is affecting every industry.
Now there's also stronger protection for whistleblowers, which makes it, you know, or should encourage more people to come forward in case that they witness something wrong. And again, it also helps.
Yeah, it just helps helps people to, to do the right thing, to behave ethical. Even if the organization might not be doing that. There's also going to be an increased corporation between authorities and organizations in that context, which will make it easier to then pass on information to authorities for them. And then also for them obviously to take action in that context, there are some obligations for organizations that aren't coming up that organizations need to be aware of, and that organizations also need to prepare for.
So first of all, organizations need to create reporting channels within the organization. So people need to be able to report things that they see, they need to be able to do this anonymously. So I don't need to say my name or my email address anything when I do this. And those sort of channels need to be created within organizations, organizations also need to develop a reporting child hierarchy. So they need to be an independent team that looks at these incoming requests or reports. And that team needs to be completely detached from the rest of the organization to act independently as well.
There's a certain timeline. So organizations have to follow up on whistle, lower reports within a speci specific timeframe. I think it's three months if I remember correctly, which is also very important that those reports don't just get ignored, but they have to be reacted to. And as you already said, there is more protection and support for whistleblowers, with directive as well. And with that, we already coming to the end almost on time. I think we've got a little bit time left, maybe for some questions, if there's anything.
