DataGuard locks down $61M for data protection as a service

Companies are facing hundreds of millions of dollars in fines these days for failing to comply with data protection and data privacy rules, and that’s driving wave of organizations, and their users, to get more serious about data protection. One of the byproducts of that has been the emergence of new technology to meet that increase in activity.

DataGuard is a Munich-based startup that has leaned into the SaaS-based business model to provide privacy, information security and other data protection as a series of on-demand, cloud-based “as-a-service” tools to small and medium-sized businesses, and today it’s announcing that it has secured $61 million in a Series B round of funding led by Morgan Stanley Expansion Capital to double down on the market.

The investment also includes One Peak, the U.K. VC that led DataGuard’s last fundraise of $20 million in 2020, the startup’s first-ever outside funding. Bastian Nominacher (co-founder / co-CEO of Celonis), Hanno Renner (co-founder / CEO of Personio) and Carsten Thoma (founder of Hybris) are also participating

DataGuard is not disclosing its valuation. But as another marker of how it is doing, despite the wider contraction that we’ve seen in the tech sector, this startup continues to grow. It now has more than 3,000 customers across 50+ countries, and they in turn are providing tools that cover over 40 million individual users — employees, customers, and other stakeholders. This is triple the 1,000 customers it had in 2020. While DataGuard doesn’t disclose specific revenue numbers, it says that revenues have also grown, some 10x in the last year. Its definition of SMB is somewhat fluid and includes bigger mid-market end users: the customer list includes familiar names like Canon, Hyatt, and Unicef.

DataGuard provides a range of tools across privacy, information security and compliance that can assess the different ways that data is being used by an organization. It analyzes this data to determine whether a company is compliant with various certifications (for example, GDPR, CCPA, ISO 27001, TISAX, or SOC 2); and if not, what it needs to do to become compliant.

The basic idea behind DataGuard is that while larger enterprises might have teams of in-house staff — lawyers, engineers and data scientists — working to monitor, implement and adjust that org’s data protection, privacy and compliance policies (a strategy that, even with lots of people and budget piled on it, often still goes wrong); smaller organizations might have less human resources but just as big of a task to grapple with.

Its target audience, said Thomas Regier (above, left, who is co-CEO and co-founder with Kivanc Semen, right), are “those with maybe just one IT security person,” who may be a specialist in network security but not data security. Some of its customers, he added, may not have in-house security experts at all: the task of how to make sure data protection is implemented legally and soundly falls to, say, a marketing team: that’s because online interactivity with individuals …read more