Give me another GDPR post. Said no-one, ever

4 minute read

13 July 2018

By Insights Team

Innovation Reporter, Upstart

This Is not Another GDPR Post Graphic (200x200).png

The four letters GDPR have been terrorising business and consumers alike in recent months.  We figured you needed an update about our privacy policy like you need allergic rhinitis right now. Instead we’ll tell you about a revelation and an insight about SaaS business models

TL:DR We cut straight to it - speed is essential to the way we work. We became GDPR compliant with an updated privacy policy with a few clicks of a button thanks to a far-sighted SaaS product . 


How did we deal with GDPR?  First step was the usual human tactic - denial. While everyone’s mailboxes fried with last-minute updates about their privacy policy (big shout out to the companies whose notices came in at 23:55 on 24 May) - we held back. 

We’re a responsible company, and we didn’t flagranty break the law.  At the same time Truth and Clarity are two of our core values, and we wanted to be honest about what we were doing with data.  The reality was, like most companies, we’re increasingly reliant on SaaS and cloud products for marketing, sales and service delivery. So we actually *didn’t know* how data was being used - and finding out is a nightmare for any fast-growing company.  To play it safe, we stopped our outbound emails until we knew what we were doing. 

Then out of nowhere came a memory - winging its way back from a Seedcamp mentoring session in August 2011. I was privileged to see Busmapper (now the giant that is Citymapper) Transferwise, and a service called Iubenda. Founder Andrea Giannangelo was selling his outsourced privacy policy service - “it’s a boring legal requirement which companies don’t want to do” he explained then.

Our third core value is Speed- we try to outsource things that take away from key operations. Through our “holy trinity” of deep integration between cloud and SaaS tools to flatten lines of communication we massively increase production and collapse timelines from months to weeks. Creating our privacy policy involved ticking a few boxes and in a few hours we had a fully comprehensive and trustworthy policy to hand.

So What? 

Some 7 years ago, GDPR was just a twinkle in the regulator’s eye, and what didn't look like a pain point became 2018’s business headache worldwide. At the less sexy - let’s say it - boring end of business, these kind of problems are being taken care of by attractively-priced services which get the job done. SaaS and cloud models have powered the growth of startups, enabling digital companies to go from a single user to one million without the headache of plugging in servers.

Salesforce enabled bus dev teams to collaborate at scale and speed worldwide. Now AI, Natural Language Processing and Understanding on demand are powering a new revolution.  

The financial services industry has seen a growth in Regtech - outsourced services which ensure compliance to regulation. Regulations such as GDPR or Basel (I-III) in the financial services industry have a way of fuelling compliance solutions - Deutsche Börse's Clearstream for clearing is just one example.

In the meantime Iubenda has a slick service with a SaaS model offering complete and tailored services integrated right when everyone needs them.

So Now What? 

Three things are clear from our brush with the law:

1. There’s a disruption story here. In the months leading up to GDPR, we were beset with email offers from lawyers and consultants offering forensic audits and compliance solutions.  We could only imagine the noughts on the day rates they were going to charge us. In the end our solution cost us €29 a year. And whenever the regulations or best practice change, or we add a new cloud service, we can simply push an update to the site. 

2. Professional Services are already being disrupted. If you’re a lawyer, consultant, accountant or business professional, services like Iubenda or G2Crowd can replace you. Are they a substitute for your work? No, but like all disruption, they start at the bottom and provide a service at price point which satisfies a larger market - a market that can’t afford you. 

3. It’s not always easy to see the big problem. Seven years ago, not having a privacy policy didn’t look like a pain point, but a niche service was created - and is flourishing due to far-sightedness of the founder the ever changing market and regulations. 

Didn’t think that having a detailed Privacy Policy could be so easy? Take a look at our updated policy here to see if it’s up to scratch.

Want to talk?

To find out how your organisation can better collaborate

Stay in the loop. Sign up to our newsletter

Scroll to Top