For many managers, data protection is like a visit to the dentist: inevitable, but annoying. The start-up Dataguard promises, figuratively speaking, to ease the pain. It helps organizations to organize processes around the General Data Protection Regulation (GDPR) and other regulations in a legally compliant manner. According to its own data, it has 3,000 customers in 50 countries, the majority of them small and medium-sized enterprises.
With a second round of financing, the so-called Series B, Dataguard now wants to expand the business: the start-up will receive 61 million euros, the majority from Morgan Stanley Expansion Capital and One Peak. Early-stage investors are also taking part.
On the one hand, the founding team from Munich plans to expand the product portfolio. “We started with data protection, but our vision from the outset was to also manage information security and compliance via our platform,” says Co-Boss Thomas Regier.
On the other hand, expansion into new markets is on the agenda. “Many countries model their laws according to the GDPR – our platform should also become an export hit,” says the founder.
The focus is on the European Union and the USA. The company does not comment on the valuation, it is likely to be in the lower three-digit million range with industry-like conditions.
The right idea at the right time
Thomas Regier and his partner Kivanç Semen founded the start-up in 2018. The two friends, who have known each other for 20 years now, caught a perfect moment: the General Data Protection Regulation was just beginning to take effect – and panic broke out in many companies because of the complex set of rules and the high criminal framework.
This has now subsided, but widespread uncertainty remains, at least for the self-employed, start-ups and SMEs. Twelve percent of companies with up to 500 employees have still not implemented the GDPR, as can be seen from a survey by Bitkom. In companies with up to 100 employees, this figure is as high as 33 percent.
While corporations can set up their own teams with lawyers and programmers, smaller companies lack the know-how and personnel to take care of themselves. Or money to hire a specialized law firm.
The offer includes two components. On the one hand, there is professional advice, for example, if a medium-sized company has become a victim of a hacker attack. Some of the nearly 250 employees are lawyers.
Head of department without state examination
On the other hand, the cloud platform. This is intended to support customers in designing, monitoring and documenting their business processes in compliance with data protection regulations. For example, if a company plans to send e-mails in a marketing campaign, it receives information about potential risks. According to the claim, this should also be understood by a managing director or a department head without a state examination in law.
According to Regier, this is not a one-off test, but a fixed part of the daily work: “The customer’s infrastructure and processes are constantly changing.“
Dataguard offers a subscription model. The start-up does not disclose how much this brings in, it only points out that it has tripled its customer base within two years. The recurring annual turnover is estimated to be in the low double-digit million range in industry circles. Its largest customers include Canon, Hyatt and Unicef.
It should not stay with data protection
The government does not see direct competitors. The US company One Trust, which took over the German start-up Planetly a few months ago, offers a similar solution. However, according to the founder’s assessment, it is aimed at larger organizations.
It should not stop at data protection. Dataguard wants to extend the proven principle to information security and compliance. There are many overlaps here: a security gap in IT can become a data protection problem – and management is liable for this.
It is precisely this ambition that appeals to the donors: “Over the next ten years, companies worldwide will invest tens of billions in compliance and security in order to become and remain trustworthy partners,” explains One Peak. Dataguard helped to establish a new service category in this area.