Startup of the month: Adall

With GDPR getting closer by the minute, Nina Bakås and the rest of Adall saw an opportunity they could not let pass.

“Don’t leave us now, want to still be friends?, we’ll miss you”. These are just some of the emails that have flooded into our digital mailboxes over the last few weeks, and they bear a slight resemblance to a clingy ex-boyfriend. These emails are the first few signs of GDPR.

The General Data Protection Regulation (GDPR) is a regulation in EU law on privacy and data protection. GDPR applies to all individuals or companies that are based in or have customers or users in the EU.

– We have seen that a lot of companies get very stressed about GDPR. They don’t know how to handle the new regulations, Nina Bakås, CEO and founder of Adall, tells us.

– This applies to both big companies with a lot of internal resources as well as to small and medium-sized businesses. External resources such as consultants and lawyers can cost from 1500 up to 5000 NOK an hour.

Adall wishes to make it possible for all companies to treat personal data in a respectable way. About 70 to 80 percent of all Norwegian companies have 20 employees or fewer. These types of companies don’t have the internal resources that are needed to take care of data protection.

– We won’t reach our goal with data protection unless every company follows the regulations. It doesn’t help that Facebook has good data protection if another company is leaking your personal data, Bakås says.

A lot of luxury

Bakås has a background in informatics, and is now attending NTNU School of Entrepreneurship. At Adall, she works with a law firm and has just hired two summer interns. Adall has been a success story from the beginning. Their first customer contacted Bakås before Adall was even established.

– We’ve had a lot of luxury, really. That’s not common when you are in entrepreneurship, Bakås says and laughs.

– All of our marketing has happened organically, so we haven’t needed to market. We need to learn and go through a process, so the customers work as our cases for learning purposes. That, combined with the little to no need for marketing, means that we can price ourselves lower than other consultant services. Now, our goal is to expand and to make a digital solution.

Bakås compares the digital solution Adall is trying to make with programs like Fiken, which makes it possible for small businesses to keep their own accounts. Adall’s goal is to make an equivalent for personal data protection.

– GDPR demands that you document everything you do that concerns data protection. If you have a 30-year-old company, you will have to document everything in the past as well. What typically would happen is that the data protection authority (Datatilsynet) will give you one month to deliver your documentation, Bakås tells us.

– Obviously, you won’t be able to provide all the documentation needed in only a month. Worst case, you will get a fine. Absolute worst case is that you get a fine that is either four percent of the company’s global turnover, or 20 million euros. For most Norwegian companies, that will mean 20 million euros.

With a digital solution, the companies will be able to document their changes in personal data protection themselves. That way, small and medium-sized companies with fewer resources won’t need to hire external competence.


The audience decides

The large fines are one of the reasons that large internet companies like Facebook and Google will also have to care about GDPR.

– This is exciting, because we haven’t been able to give out big fines to these companies before, Bakås says.

– I doubt that any company is so rich that they don’t mind getting a fine the size of four percent of their global turnover.

The main point of GDPR is that users get the possibility to choose what they share, and what they say yes to. You can also gain access to all the data a company has on you, and choose to have it deleted.

– I think we’re seeing a distinction now, with Cambridge Analytica and the things that are happening in China, Bakås says.

But in the end, it is the customers and users that have to choose. And this is interesting. Will the users even care?

– It will probably take a couple of years before we see the big changes, but they are definitely happening, Bakås finishes.

This is GDPR:

  • General Data Protection Regulation is a new European regulation that covers data protection and is aimed at improving and unifying the way personal data is currently protected. The Regulation took effect on 25th of May 2018 in the EU, and from the first of July in Norway.
  • GDPR applies to every organisation or business that processes, stores, or transmits personal data of EU residents.
  • Businesses that breach the regulations may be fined either four percent of their annual global turnover or up to 20 million euros.
  • GDPR gives the users rights such as to access or erase any data referring to them, along with the right to object to direct marketing, profiling and processing of their data.