Seeding privacy and security by design for data
My first introduction with privacy in data was the implementation of GPDR at bol.com, NL's largest e-commerce marketplace. I vividly remember being in a room full of executives, product and legal professionals. It was some 7 weeks before GDPR in Europe would come into effect and the group gathered to kick-off the sprint necessary to make sure we would be GDPR compliant by May 25th 2018. I was there in my role as PM of recommendations and streaming data, domains that would be severely impacted by GDPR.
The sprint turned into a marathon, and it's in that room I discovered how large the gap was between the legal/policy view (both formal and from the experts supporting us) and the engineering and data perspectives.
That experience and the following weeks sew the seed (pun intended) for STRM. Around the same time, my co-founder Bart experienced how hard it was to drive innovation in senstive data domains, even in an executive role at Ahold Delhaize. The amount of coordination (and so time and money!) involved in just getting a project to launch was staggering.
We met over a beer, found each other on the topic of building from privacy forward, and that beer turned into STRM.
Seeding STRM
As a founder there's always a choice to try and take venture money or not (although VC's like you to believe otherwise - there's a lot of money that needs to be sold right now).
For us it was clear both the privacy domain and the level of (technical) maturity needed to deliver on our promise -bridging the gap between legal and data, and to help organizations balance privacy and innovation- required a level of capability that is very hard to bootstrap. Getting towards that horizon meant we first had to cross a deep investment phase while dealing with the realities of a family and grown-up stuff like mortgages.
Privacy is a relatively new field and market, and it doesn't come blessed with very clear definitions (despite the legal framework!). From a technical perspective, there's a lack of standards and best practices. As a solution category, embedding privacy inside systems is... not there yet. Some players address the cost involved in, for instance, exercising RTBF requests or cookie- and consent management, with an emphasis on compliancy over technology. But it's still very early stage to market a holistic view ("by design") where technology is essential, but ultimately enables structuring privacy at lower cost and risk while enabling more value creation. Taking the system perspective, privacy is often treated as an afterthought in data warehouses or only dealt with through access control - which is a second best alternative and both too late and too limited.
Up to us to prove there's a much better way, and it's why we decided our best shot was to Seed STRM.
You can read all about it in the press release.
We'll use this new found freedom primarily to develop and build GTM and extend an already great team. The one thing Bart and myself remind each other of is that the best proxy of success is "leren leren leren" (learning^3), and closing our Seed enables us to keep that perspective.
Thank you Jan for the early support and vote of confidence, Raffi and the Singular team for being a partner, and the excellent group of angels that provide us this opportunity.
Here's to learning! 🥂
PS We're hiring!
Want to help data teams build awesome data products without sacrificing privacy in the process? There's plenty of cool work left. Did we mention we are hiring!?