Easing the Pain of GDPR

[This Q&A was created by and originally posted on FinTECHTalents, on 17 September 2019.  Do check out their website and the Festival!]

Keepabl offers an intuitive, customer-focused GDPR-as-a-Service solution.  Their ‘product-led’ software regularly gets incredibly positive emotional responses when people see the solution.  The two year old startup is often told by clients: ‘I can’t wait to use this’ – and this is about GDPR software!  According to Robert Baugh, CEO, Keepabl: “When the product responds to and answers the pain and concerns felt by users, without being demanding or needing training, you get that emotional response.”

What is Keepabl – what problem are you solving?

Keepabl is intuitive, customer-focused GDPR-as-a-Service. Founded in 2017, we’re based in London UK and came out of beta in September 2018. We have customers in seven countries, ranging from FinTech, through wealth and asset managers to VCs and private equity. And it’s a holistic solution – we offer a comprehensive Privacy Policy Pack that has been adopted by over 50 alternative investment funds (AIFs) and their managers (AIFMs).

We’ve won GDPR Company of the Year, been shortlisted in several awards for innovation and selected by The Fintech Power 50 for their inaugural Ones to Watch cohort. And we’ve got a growing partner network of managed service providers – we’re excited to have just announced our partnership with Alpha Reply, part of Reply Group, a leading consultancy to financial services. Keepabl is the chosen tech platform powering Alpha Reply’s GDPR consulting and vDPO service and corresponding white-label offer, where financial services can offer the same service to their business customers, addressing churn issues.

We solve the massive GDPR pain for organisations – particularly financial services, where 61% have included GDPR in their internal audit [source: PwC] yet 60% of financial services lack confidence in having the right levels of resource in place to manage ongoing obligations [source: RSM]. For example, GDPR teams need easily updatable Article 30 Records, Risk Maps, and ways to react rapidly to data breaches. We provide that in a simple SaaS solution. Our roadmap is pretty exciting! We’ll be adding the new Californian privacy law in due course on our way to creating ‘the Salesforce.com of compliance’.

The need to comply with GDPR has had a huge impact on the industry – what are some of the challenges you are seeing from your customers?

The key challenge we see comes from the sheer complexity of GDPR, which creates difficulties from the very first step of mapping your data processing activities [the biggest challenge according to 68% of financial services in the PwC Luxembourg survey], through to joining it all together in a way that relevant teams can identify gaps to fill, give good GDPR answers to internal and external stakeholders, and manage ongoing privacy governance management including relevant reactions to personal data breaches.

Many organisations lack a breach response tool and our service has proved very popular with email alerts, a ‘Breach Button’ link to make reporting suspected breaches easy, comprehensive Breach Log, help on notification requirements and more.

Organisations also struggle to determine what services they need to achieve and maintain compliance, from a governance and breach solution like Keepabl, through encryption, data discovery, secure sharing, to advice from lawyers and consultants. We’ve created the Privacy Stack to make this much easier and have signed up Privacy Stack Partners in each of these areas. We’re continually adding more great relationships, so that customers can picture what compliance looks like and easily find the right support.

We saw an interview with you where you describe how applications should have an emotional impact – how can that apply to things like GDPR compliance?

Thanks for watching! Yes, that’s a tough challenge: how to achieve emotional impact, meaning you’re speaking to your users as individuals by solving their pain points, bringing them not only value but positive happiness by helping them get the job done so they can worry less and feel good.

‘Product-led’ software businesses have a better chance of achieving this and we’re pleased we regularly get incredibly positive emotional responses when people see our SaaS solution (one reason we’re participating in the stories here at the Festival). Prospects have keenly demonstrated the service to others, and we often hear ‘You can’t go wrong with this’, ‘This is so comprehensive but so simple … I mean that in a good way’ and ‘I can’t wait to use this’. And this is GDPR software we’re talking about!

When the product responds to and answers the pain and concerns felt by users, without being demanding or needing training, you get that emotional response.

I was General Counsel of VC-backed tech companies for 13 years (LoopUp and Drayson Technologies). So I was the customer taking complex compliance requirements and converting them into achievable, practical programs for a busy business to adopt and also allow for a great answer to the outside world.

I believe the reaction we get to the product is due to that unique crossover experience and expertise leading to a tight focus on the customer, helping them getting what is a very frustrating and often unwelcome job done quickly, easily and perhaps with a bit of fun. I love hearing ‘this is so simple – I mean that in a good way’ as it means we’re hitting our target.

What advice would you give new startups in this space?

First, I’d ask them to do something else… ;). Then I’d say the first principles for any startup are the same. There needs to be a particular pain that you are solving, a pain that people will pay to solve because the solution will bring them a return. A pain you’ve personal experience and expertise in, so that you can bring something unique to your solution that speaks very strongly to your intended customer. And don’t listen to those who use Henry Ford’s alleged statement (‘If I had asked people what they wanted, they would have said faster horses’) to exhort you not to listen to customers because they don’t know what they want or what’s possible. Your obligation is to listen to customers’ needs in the context of your own skill set and experience and find out how you can help take those customers ten steps forward into their future.

We have an array of craft beers and independent music at FinTECHTalents – Give us a great song to listen to AND tell us your favourite tipple.

Excellent! Bill Withers’ Lovely Day and a light pale ale craft beer!

Keepabl will be presenting as part of the FinTech Stories Stage at FinTECHTalents this November.