Ryan McErlane knows the challenges small- and medium-sized enterprises face on a daily basis, as he is the co-founder of one himself. McErlane heads up Dataships, a privacy technology vendor based out of Ireland that has created a solution specifically geared toward SMEs.
While privacy tech vendors have focused on large, multinational organizations, McErlane said SMEs have not received the same level of attention. Now that those companies are starting to catch the eye of regulators, McErlane believes Dataships is in a prime position to fill a gap in the marketplace.
Dataships' primary offering is its Privacy Centre, a "one-stop shop" where SMEs can handle all of their compliance obligations. After signing up for an account on the Dataships website, users will be contacted by the tech vendor for an onboarding call. During this conversation, Dataships asks clients a series of 40 questions in which they run through everything from the company's legal name to the types of data they store.
McErlane said the data discovery portion of the call is particularly important, as it can be an eye-opening experience for SMEs.
"A lot of the time when we are talking to (SME) owners, they use these applications, but they don’t know what’s in them," McErlane said. "We can find the standard fields in those (apps) based on us integrating with them."
After the call is completed, Dataships takes all the information it gathered and uses it to create a privacy notice for the organization. Dataships then uploads the privacy notice to the organization's own Privacy Centre, which is embedded onto their website. McErlane estimates the entire process takes one to two business days.
In the Privacy Centre is the Data Access Gateway widget, a feature designed to automate data subject requests. The center also includes a cookie consent tool and provides documentation for both internal and external audits.
McErlane said Dataships was never meant to serve as competition to larger privacy tech vendors that target the Fortune 500s of the world. Rather, he wants the company to help those that need a simpler solution to handle their compliance requirements.
Enterprise-level tools are helpful to those who need them; however, McErlane said they are simply too much for SMEs to use properly.
"They are fantastic tools, but they are enterprise software, and you almost need a team of people managing them," McErlane said. "For (SMEs), they simply don’t have the resources to manage these tools. They are always looking for tools that run in the background."
The lack of resources affects SMEs beyond privacy tech. In his conversations with clients, McErlane said smaller business owners in Ireland and Europe didn't fully understand the impact Brexit would have from a data compliance and data transfer perspective.
McErlane hopes Dataships can be a resource for those companies to lean on as the privacy landscape continues to change.
And it may be coming at the right time. In the early days of the EU General Data Protection Regulation, questions swirled around how regulators would handle enforcement, particularly for companies with higher profiles. McErlane said smaller organizations had some time to sit on the sidelines, but that time is quickly coming to a close.
"All the big companies, the enterprise 500s, the huge corporations that we are seeing in Ireland, were ahead of the curve. They had to get things ready for the GDPR," McErlane said. "The smaller guys kind of got away without doing anything for a while. They were seeing what was going to happen with the fines. They were waiting until now when the fines are starting to hit smaller companies."
Of course, not every SME will need privacy tech. The ones that will call upon Dataships will be the ones that hold onto sensitive, regulated data. For those smaller organizations, the need to adhere to privacy laws is just as strong as their larger counterparts.
"What we are seeing is certain industries have a shallower depth of data than others. A gym, for example, tends to only have contact details, and they do a bit of marketing," McErlane said. "Whereas we have other (SME) clients, like a beauty clinic, that would be holding sensitive medical data, and it’s very important for them, just like a large company, to stay on top of their privacy, too, because of the nature of the data that they are holding."
Privacy tech vendors had plenty of incentive to market their products to larger companies over the past couple of years. Those organizations had bigger targets on their back and thus were incentivized to purchase privacy tech solutions.
But as regulators make their way toward SMEs, McErlane said tech vendors should keep these companies in mind, as well. SMEs are plentiful, and by turning their gaze to this underserved market, tech vendors could stand to see the benefits.
"90% of the companies in our own country are (SMEs)," McErlane said. "That’s where the long tail of opportunity is, and if privacy vendors can get that area right, it’s going to be incredibly lucrative."
Photo by Mike Petrucci on Unsplash