Companies collide hundreds of millions of dollars Art fines these days for failure to comply with data protection and data privacy regulations, prompting organizations and their users to take data protection more seriously. One of the byproducts of this has been the emergence of new technology to meet this increased activity.
DataGuard is a Munich-based startup that focuses on a SaaS-based business model to provide privacy, information security and other data protection in the form of a series of on-demand cloud tools “as a service” for small and medium-sized companies. large enterprises, and today it is announcing that it has secured a $61 million Series B funding round led by Morgan Stanley Expansion Capital to double its market size.
Investments also include One Peak, the UK venture capital firm that led DataGuard the most recent fundraiser was $20 million in 2020, this is the startup’s first ever external funding. Also participating are Bastian Naminacher (Co-Founder/Co-CEO of Celonis), Hanno Renner (Co-Founder/CEO of Personio) and Carsten Thoma (Founder of Hybris).
DataGuard does not disclose its valuation. But as another indicator of how it works, despite the broader contraction we’re seeing in the tech sector, this startup continues to grow. It now has more than 3,000 customers in 50+ countries, and they in turn provide tools that reach more than 40 million individual users—employees, customers, and other stakeholders. That’s three times more than the 1,000 customers there were in 2020. While DataGuard doesn’t disclose specific revenue numbers, it says revenues have also grown, roughly 10-fold over the past year. Its definition of SME is quite fluid and includes larger mid-market end-users: its client list includes familiar names such as Canon, Hyatt and Unicef.
DataGuard provides a range of privacy, information security and compliance tools that allow you to assess the different ways data is used within an organization. It analyzes this data to determine whether the company complies with various certifications (such as GDPR, CCPA, ISO 27001, TISAX or SOC 2); and if not, what does it need to do to become compliant.
The basic idea behind DataGuard is that while large enterprises may have teams of in-house staff—lawyers, engineers, and data scientists—who work to monitor, implement, and adjust that organization’s data protection, privacy, and compliance policies (strategy, which even with a large number of people and budget, often yet goes wrong); smaller organizations may have fewer human resources but just as big a challenge to contend with.
Its target audience, said Thomas Regier (above, left, who is co-CEO and co-founder with Kivanch Semyon, right), is “those who maybe only have one IT security person,” who might be an expert in network security, but not data security. Some of his clients, he added, may not have in-house security experts at all: the task of making sure that data protection is implemented legally and securely falls on, say, the marketing team: that’s because online interactions with private individuals – this is one of the key areas that data protection must cover, so in some cases it may be the responsibility of those who use the data to ensure that it is done correctly.
“We built it for civilians,” he said.
Of course, marketing – in particular the interfaces to cookies and data consents related to marketing and “analytics” – has been the most obvious face of privacy and data protection for many of us over the past few years. Driven by GDPR and other regulations, we see these consent windows on a daily basis, and many companies have complained about how the popularity of “reject all” has affected the bottom line. And the big headlines we read about data breaches tend to be the same: in one example just earlier this month, Instagram was fined more than $400 million for the misuse of children’s data under GDPR regulations in Europe.
But Regier says there are added pressures these days, in addition to the very bad publicity companies get from fines and media investigations:
“Marketing is a huge piece of the puzzle, but the other piece is companies protecting their customers’ data,” he said. “They have to back it up. They have no choice because if they don’t they will lose those customers now. It’s gone beyond the fig leaf and gets to the heart of the business.” with this, cyber insurance premiums have soared, another indication of the financial impact to businesses if they don’t implement robust data security and protection. (It is debatable whether these premiums are effective for other reasonshowever.)
A third important factor that DataGuard sees among its customers is commercial pressure. That is, organizations are now becoming more proactive in vetting partners to ensure they are held accountable, both proactively and reactively, if something goes wrong.
Interestingly, using mechanisms that sound remarkably similar to how data brokers work, DataGuard can also see how a company’s data might be being used by third parties and customers to identify where it might be out of compliance, or alternatively alert those third parties parties in the event that any data has been compromised. Getting the bigger picture is increasingly important as part of the due diligence process companies go through when they work on procurement deals, highlighting that it’s not just about making sure, say, the business-critical nature of the work.
Business compliance is a new area, but the company will use some of this investment to continue development. It also potentially opens up the possibility for DataGuard to provide similar services to test more aspects of data security and protection, such as when it moves into data networks and endpoint management.
That, along with the fact that DataGuard has grown so much as it has with so little outside funding, are all reasons why investors are knocking.
“Data privacy, information security and compliance are areas of increasing focus from regulators, businesses and consumers around the world at a time when the amount of sensitive data businesses must process to operate is growing exponentially,” – said Lincoln Isetta, director of Morgan Stanley. Expansion Capital, in a statement. “It’s clear from our efforts that DataGuard’s unique end-to-end platform enables customers to go beyond simple compliance, information security and data privacy and instead manage data as a competitive advantage. We are very excited to join the DataGuard team and look forward to helping them build on their success.”
“Since our initial investment in DataGuard, we have seen strong growth, which is a testament to the drive and execution capabilities of the founders and their leadership. DataGuard has helped create a new category that is both extremely meaningful and business-critical,” David Klein, managing partner of One Peak, and Christoph Meier, partner, added in a joint statement. “Over the next decade, companies will invest tens of billions of dollars in compliance and security to become and remain trusted partners. We were the first institutional investor in DataGuard back in 2020, and we are very excited to double our investment to support the company in further accelerating its growth trajectory and expanding its geographic reach.”