[Startup Interview] Developing solution to help keep the data related provisions focused on personal information protection “TOVDATA” Interview

Today we will meet TOVDATA, the winner of 2020 Spring E*5 KAIST!

In the era of excess data, the National Assembly passed the Data 3 Act to protect personal privacy. TOVDATA develops a solution to help keep the data related provisions focused on personal information protection.

Can you briefly introduce TOVDATA?

TOVDATA means building Trust, Opportunity, and Value on data and aims to provide solutions that gain trust, earn opportunities, and create value using data. In other words, we are developing a solution that helps companies keep the personal information protection regulations, such as the Data 3 Act in Korea or GDPR in Europe, when they utilize data from online or offline services.

The Data 3 Act in Korea and GDPR in Europe have been controversial regarding data privacy. We thought companies could reduce personal information leakage and work efficiently if we could provide solutions regarding the regulations.

How did TOVDATA select the solution as its product?

Improvements in data collection, processing, and analysis technologies have changed the value that data gives to businesses. The ability to use data in a richer and more precise manner became the key competitive advantage for a business. However, data protection regulations have been revised to protect personal privacy as well as enhance the utilization of data, because data includes sensitive information such as personal registration information and service user records. With the implementation of the General Data Protection Regulation (GDPR) in the EU, violators of the GDPR may be fined up to 4% of the annual worldwide turnover, raising awareness of data protection among companies. Based on our work towards international communication standardization and research on IT convergence technologies, my team and I have participated in a joint research project between Korea and the EU regarding the technical measures dealing with this issue for the past two years. This year, we announced our work and received attention and positive feedback from many companies. The needs of the customers we identified at that time and our technical background combined to produce our solution we are currently developing.

Although IT convergence technology cannot fully control the data regulation issue, we are finding an ideal method to control and utilize data.

How can TOVDATA communicate to and help companies use legitimate data processes?

When a company uses data, it does not only involve one person, but a number of people such as one who requests data manages data and is responsible for personal information privacy, and one who accesses and processes the actual data. Regulations and bylaws that are applied to each data export depend on the purpose of data transfer, duration of use, and the country and place in which the data will be used.

The data Export Management System (dEMS) we developed is a solution that divides the participants involved in the data process into 3 roles – data requester, data manager, and data processor – and systematically applies the regulations and bylaws. A data requester using the dEMS will submit a request with the purpose, period, and information about who is exporting data. Then, the data manager will check the request on dEMS and select all regulations and bylaws that can be applied. The data processor selects data subject to export, exports the data, and performs de-identification processing on the dEMS. Finally, the select results are generated as reports on the dEMS, which the data manager checks for final approval, additional processing, or denial. If approved, the data requester will receive the exported data in encrypted files and passwords on the dEMS. All processes on the dEMS are recorded and stored as reports to justify that the data was exported on a legal basis of regulations and bylaws if legal action is required.

The regulations and bylaws applied when data is used depend on the stage of the process and the country in which the data is used, and can be complex. Through TOVDATA’s dEMS, companies can comply with data regulations more easily. We believe using information by exporting data through a legitimate process will reduce personal information leakages.

What motivated you to participate in E*5 KAIST, and what did you learn from E*5 KAIST?

After I decided to start a business, I realized that I lacked experience and background knowledge in corporate establishment and management, because I was always doing research even though I had team members and an item in mind. I thought the E*5 KAIST program would be appropriate to study business and receive help, and decided to apply. The best thing about participating in the E*5 KAIST program for three months was mentors. I was able to receive advice about corporation establishment and management from seniors who already started their own business and VCs. In addition, the training before each mission was helpful, especially getting legal advice from a lawyer on a one-to-one basis. Lastly, the missions were very beneficial. In the beginning, missions felt like assignments made to evaluate each team, but they became a motive for us to prepare our business. The mission was conducted with the help of mentors and seniors, so it was an opportunity for us to prepare things that we would have otherwise neglected. After completing the final mission, we updated our team portfolio and received contact from various VCs and accelerators, which helps us attract investment more than we expected.

I heard TOVDATA is also participating in E*5 LabStartup. What is the difference from E*5?

The most obvious difference is that the LabStartup program requires the startup item to be a product of a research project conducted in a lab while attending KAIST, and the duration of the program is 6 to 8 months, while E*5 is 2 to 3 months. E*5 KAIST has been established for a long time and helps teams start their own business with a well-organized program. Through the consulting and training by mentors, teams check the demand for their item, review the business model, and create a Pitch Deck for the final business plan to present to investors. However, E*5 LabStartup is a new program that has not been standardized yet. For 6 months, teams receive advice, network, and space depending on the item and progress of the startup, and each mission is decided after consulting with the team mentor.

Labstartup is a program established this year by KAIST Startup. While E*5 is open to undergraduates, Labstartup focuses on lab research projects that can lead directly to businesses. Please look forward to Labstartup as well! We look forward to TOVDATA in Labstartup.

What is TOVDATA’s short-term goal?

While developing our solution, we focused on and whether our customers really want our product and if they do, what additional features are needed. So, in the short term, it is important to analyze the problems and needs of companies in the market and use this to create a product that customers really need. Through this process, we can retain various customers and advance our product that continuously reflects the needs of the customers.

Satisfying the customers’ needs is the most important thing when starting a business. A company should create a product that companies and customers can continue to use.

One word to KAIST students?

If you decide to start your own business, I recommend applying to the E*5 KAIST program, as well as other programs by Startup KAIST. The programs are very helpful and would be a waste to miss.

As TOVDATA said, Startup KAIST provides startup programs for students. There will be many programs held in the fall, so please participate if you’re interested!

What is the ultimate goal of TOVDATA?

Over time, technology continuously evolves and becomes more complex, and the laws and regulations to control the technologies are also becoming complex. What happens if complex technology meets complex laws? It would become even more complex. I believe that no field in the world can exist by itself, so it is important to have an integrated approach in various fields. Law and technology require an integrated approach to work with each other, but there are conflicting aspects as well. TOVDATA hopes to be the bridge between law and technology when we need to protect people from technology through laws or develop technology to keep the law. Like our name, we want to become a company that builds trust, opportunity, and value to our customers, to our team, and to our society.

More integrated technology will be needed in the future. An integrated technology-based startup that focuses on converging different fields will draw attention. However, in this process law and personal privacy related problems will arise, and I hope TOVDATA will play the role of a bridge so that companies and individuals will not be harmed by the advance in technology. We believe that TOVDATA will build trust and opportunity and continue to work with various companies in the future.

We have met with CEO Hyojin Park of TOVDATA today.