Stine Mangor, Openli: “internet users should have higher demands on their data being managed securely”

Private data breaches and security disruptions have received harsh exposure in recent years.

Personal data can be stolen by cyberattackers, and sensitive information can be viewed by unauthorized third parties if managed unsafely. The changes to privacy laws have pushed a lot of companies to reassure that their data is protected and managed properly.

Other than users implementing traditional privacy tools like a Virtual Private Network (VPN), there are also companies like Openli that ensure that privacy is easy and transparent.

To tackle privacy-focused matters, Cybernews invited Stine Mangor Tornmark, the CEO of Openli – privacy compliance software solutions company.

How did the idea of Openli originate? What has your journey been like?

As a lawyer and Senior Vice President at Trustpilot, I was responsible for getting Trustpilot, a global review platform, ready for the GDPR in May 2018. My experience with the workload and struggle of getting on top of the GDPR compliance made me think of all the startups, scaleups, and tech companies that need to be compliant but don't necessarily have the legal knowledge. That is why my partner Søren and I founded Openli.

Can you introduce us to your compliance software? What are its key features?

Openli is a B2B privacy SaaS solution that makes privacy easy and transparent. We help companies get better control of GDPR, by automating the process of vetting data processors and vendors. We are building our customers’ privacy profiles so they can close deals faster, build trust, and give them access to Vendor Explorer so they can choose the tools and systems based on their GDPR and security efforts.

Here’s an example:

Let’s say you are about to buy a CRM system. You can use Openli to see the CRM system’s GDPR efforts and security certificates. If you choose to use software like Hubspot, then Hubspot will be processing personal data on your behalf. That means you need a lot of legal agreements in place, know how your vendor is GDPR-compliant, and have documentation in place to demonstrate compliance. And if data is leaving the EU, then you need even more documents in place, for example, SCCs, TIAs, and more. We automate the entire process and put many of these legal privacy agreements on autopilot.

Are there any data privacy issues that you believe more people should be concerned about?

Today, companies love to use platforms, systems, and tools – Hubspot for CRM, Slack for internal communication, Mailchimp for email, and so on. However, few companies know what they need to do to be compliant when using all these vendors. Where is your customer's data going? Is the data secure? These are questions that companies need to know the answers to if they care about the privacy of their customers and employees.

How do you think the recent global events affected your field of work?

There is change happening in the world right now. Customers and users are demanding companies care about privacy. We also see a shift from the regulators where more and more countries are implementing GDPR-type legislation.

Some experts believe that keeping up to date with data privacy trends and requirements could even be the selling point for customers. Can you share some tips for businesses looking to update their privacy policy?

Data is essential for all companies. It's critical to know how people use your product and services, how your customers are, and what funnels work. Your entire CRM system and marketing tech stack are dependent on data about people.

Most companies know about the GDPR in broad terms, but it can be challenging to understand your specific obligations when you process personal data about people.

For your privacy policy, you should know all the services you are using and are sharing data with. The policy needs to explain how and why you collect people's data and it needs to be available to people when their data is collected.

It’s not only a legal requirement but also a selling point for your customers, partners, and potential investors – people want to know how you manage data. And that’s what your privacy policy is delivering. Privacy is becoming one of the key metrics that companies are measured on, like other ESG measurements like sustainability and social responsibility.

What are some of the worst mistakes companies tend to make when it comes to handling large amounts of customer data?

Not having a good overview of what personal data you’re processing about your customers and not knowing which tools, platforms, and systems. If you don't know that, how can you

keep data safe? And another big mistake – believing that you can just copy the privacy policy from the “website next door”.

What dangers can customers be exposed to if a company they trust struggles to ensure compliance?

Data breaches and identity theft can have a strong influence on people's lives. However, there are also more subtle consequences for not having the proper compliance in place, such as companies sharing data with third-party without any legal basis.

And not being able to close deals because prospects and potential customers aren’t able to verify your compliance efforts.

Talking about individuals, what actions should average Internet users take to protect their personal data online?

Internet users should have higher demands and use services, and tools that pay attention to whether their data is managed securely.

Share with us, what's next for Openli?

We recently launched the Openli Community. Our idea for the Openli Community is to be an open space for like-minded professionals to discuss, meet up, and learn with each other. The community is available for all as a space where developments and issues can be discussed. There will be an opportunity to meet some inspiring leaders in the legal community through webinars, live videos, meetups, and other resources. If it sounds like something you would be interested in, please join!

See more on

Leave a Reply

Your email address will not be published. Required fields are markedmarked