Startup Corner: Guardum in focus
Guardum supports privacy by design, helping users to locate and protect sensitive data, whether they are currently aware of its existence or not. Here we ask co-founder Darren Wray (author of The Little Book of GDPR) to tell us more about the 2016-founded company and its strategy.
How would you describe your company to a friend?
Our software helps organisations find personal data stored digitally across different systems, in different departments and in different file formats. It also protects this information from exposure or disclosure to ensure compliance with data protection regulations.
And if you had to describe it to a techy?
Guardum is a content discovery and control application that uses highly advanced pattern matching techniques to find sensitive personal and company confidential information within large unstructured data sets. Guardum reduces time and resources spent on manual checks by introducing greater levels of automation, management and security into the process. Its primary purpose is to help organisations to optimise their response to Data Subject Access Requests (DSARs) to ensure they are completed within the calendar month deadline required by EU GDPR standards.
When were you founded?
Co-founders Robert Westmacott and Darren Wray – both have a distinguished background in managing and developing enterprise information security and compliance applications at a senior level.
Who are your key managers/senior execs?
Aside from the above there is Adam Shaw, Chief Financial Officer
What is your growth strategy?
We are concentrating our efforts in four areas: territorial expansion, traditional Inside sales, product development and partnerships. The GDPR has had an important impact on global privacy laws. The US market is an important expansion opportunity for us, as the data privacy landscape is rapidly evolving from a relatively benign base. In less than two years the California Consumer Protection Act (CCPA) has moved from concept to enforcement and is likely to mutate further into CCPA 2.0 later this year. As individuals, the privacy and compliance experience we have gained in serving customers in the EU since as far back as the 1998 data processing act and most recently the GDPR makes this the perfect time for Guardum to explore opportunities In the US. The fact that our investment partner DFIN solutions (NYSE ticker: DFIN), is in the Mid-West is also a huge bonus, providing us with a base and infrastructure to spring off from. In the UK and Ireland, we have taken on three new business development professionals and we are busy developing new offerings like Privacy Indexer and GuardumDSAR to enable the business to scale up as fast as possible.
From a partnership standpoint we are working with Relativity and DFIN (as mentioned previously) in the US to deliver privacy solutions to their Litigation and Capital Markets customers. We are also hopeful of securing a significant partnership with a very well-known hardware manufacturer. On completion, this will open up our sales channel to over 250+ professionals whose client network in the UK and Ireland extends to more than 20K clients.
Have you received investment?
Yes, Donnelley Financial Solutions (NYSE: DFIN) has made a strategic but undisclosed investment in Guardum.
Who are your target clients?
In-house legal, HR and compliance teams within organisations of all sizes. Private practice is also an area of interest, especially those offering Cyber and/or Data Protection services and IT.
Have there been any key changes in direction since you were founded?
Yes, our original concept was to secure supply chain vulnerabilities through risk scoring. But there were challenges with making it scale.
Around the same time a prospect was looking to protect personal information in documents hosted on their systems. To our surprise there didn’t seem to be an easy way to find and secure unstructured data available. The company decided to pivot, accepting a substantial investment from one of its largest customers in the process.
What are the key challenges you face in your market?
The privacy market although a hot topic, is still in its infancy from a technology standpoint. This makes for protracted sales cycles and a lot of time spent justifying the business case to secure the budget needed to solve the pain-points that we address.
Steve Jobs once said, “People don’t know what they want until you show them.” This certainly holds true for Guardum, as typically organizations that we routinely talk to are still preoccupied with manual redaction and broken workflows and as a whole don’t know any different. Additionally, the regulator (ICO) has been slow to penalise organizations in breach of the law. This toothless approach has led to companies taking their time over something like responding to a Data Subject Access Request (DSAR). A recent Guardum study of 100 Data Protection Officers, for example, found that fewer than 50% of responses are completed within the regulation 30-day time limit.
What are the most exciting developments you’ve seen in your market in the past year to 18 months?
Demand for privacy is becoming a global trend. Privacy “awakenings” started with the GDPR. Within 2 years we have seen the introduction and enforcement of CCPA and a pivotal change in attitudes in the US in favour of widespread privacy adoption. Additionally, there is seemingly a huge shift in attitude towards privacy by design. This change is driven by the major FAANG stocks who have seen a positive correlation in the stock performance of companies who show improved data management and governance.
According to Gartner, by 2023 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today.
Tell us something that people don’t already know about the company?
Information Security and operational compliance are in Guardum’s DNA. Not something that can be said for many other start-up businesses in this sector. Co-Founder Darren Wray is a best-selling author with his “Little Book of GDPR” which to date has sold over 500K copies. [Sorry, we gave that away at the top, but it’s a good one.]