Founders in Focus: DataGrail

Welcome to the next post in our Founders in Focus series. This month, we’re getting to know DataGrail, and their mission around privacy compliance.

What is DataGrail and what is your mission?

DataGrail aims to make privacy compliance easier for organizations. Our platform eliminates the error-prone, manual, and time-consuming processes associated with CCPA and GDPR. This makes it easier for customers to sustain compliance with changing regulations and build trust with consumers.

What is DataGrail’s origin story?

In 2018, Daniel Barber, Earl Hathaway and Ignacio Zendejas launched DataGrail, becoming one of the first companies to build a platform specifically designed to help organizations handle emerging privacy regulations like GDPR and CCPA. Based in San Francisco, DataGrail’s founders were uniquely qualified to build a technology-first platform to help modern companies simplify and automate privacy compliance. They have backgrounds working with massive datasets, spanning data products to consumer apps at companies like Responsys, Quantcast, and Facebook. In late 2017, the trio began exploring the challenges that businesses would face with forthcoming privacy reform like the GDPR—specifically as application growth continued to rise. Along with Okta Ventures, DataGrail has received funding from Cloud Apps Capital Partners, Operator Collective, Basis Set Ventures, Gunderson Dettmer, American Express Ventures, and several prominent angels. In support of a growing list of customers, the DataGrail team has grown from three founders to over 30 employees in just 18 months.

What is DataGrail’s solution?

The DataGrail Privacy Platform is designed to make privacy management easy. It was designed from the ground up to automate data discovery and streamline privacy programs to create less work for customers, while ensuring a higher level of accuracy and reduced risk. Knowing where data lives within an organization is foundational to any privacy program. DataGrail built its solution to directly connect with an organization's internal databases, and developed 200+ pre-built connectors with companies such as Salesforce, Shopify, Adobe, AWS, Oracle, Okta, and many others. These integrations and connectors provide organizations with an accurate, real-time view of the internal systems and third-party apps used, and all the personal data that maps onto each of those systems.

The platform can automate privacy requests, conducts real-time data mapping, and helps organizations with preference management. With DataGrail, companies can confidently reduce inefficiencies and eliminate error-prone processes to comply with data privacy regulations.

How does DataGrail’s solution stand apart from others in the market?

Only DataGrail was purposefully designed from the ground up to help companies comply with emerging privacy laws like GDPR and CCPA, which requires coupling robust data discovery with the fulfillment of tasks required by distinct privacy law requirements and regulations. DataGrail takes a deeply integrated approach, designing its platform to integrate directly with a company’s own internal databases and the popular third-party apps used by the modern enterprise. Organizations can onboard in weeks, not months, and instantly discover where personal data lives in their organization.

Recently, DataGrail added its Smart Verification functionality to the platform. Rather than forcing an individual to submit additional personal information like a passport or government ID, it enables businesses to authenticate (and verify) an identity using existing data associated with an individual’s record.

How is DataGrail working with Okta? And what support do they seek out in a corporate partner?

There are a few key principles that DataGrail considers when evaluating partnerships. In order for the partnership to be successful, we believe in 3 guiding principles:

  • Transparency: There are countless ways to introduce confusion into the whole partnership process. It is important to set clear priorities, explain positioning from the very beginning of the engagement together, and maintain transparency throughout.
  • Understanding differing perspectives: Working collaboratively and understanding different perspectives is key to success. What are the KPIs on each side, and how can both partners support each other?
  • Trust: Trust must be earned in any relationship, and a key part of that involves doing what you say. DataGrail looks for partners where we can mutually build a high level of trust together.

Why did DataGrail want to work with Okta?

The partnership with Okta made sense as both Okta and DataGrail integrate with external systems to provide a streamlined user experience. Okta provides a place to access all of your cloud apps from a single place, with one login, and DataGrail connects to apps to provide a way to monitor privacy across the organization from a single view. Together, the partnership allows joint customers to have a secure and streamlined experience when onboarding new applications, as well as handling privacy within those apps.

Specifically, DataGrail’s Okta integration allows businesses already using Okta to:

  • Use it as a “source” integration to discover apps in use that may contain personal data (PII).
  • Quickly and easily identify system owners and contacts associated with all systems for automated data mapping.
  • Securely control access to DataGrail via SSO.

What are the trends DataGrail expects to see in the data privacy industry?

There are a few different trends we expect to see in the next few months, based on preliminary data on the early impact of the CCPA. The CCPA will set the standard for privacy reform in the U.S., and it will only increase in impact as enforcement begins. Large companies, such as Microsoft, have begun supporting CCPA rights for all individuals across the U.S. to set their standard for privacy. As CCPA fines arrive in the second half of 2020, companies will be forced to respond and identify high risk areas. Later in 2020, we expect to see an increase in privacy regulation emerge from more states, and potentially an all-encompassing federal privacy bill. Finally, consumers will start to demand greater transparency and privacy across the products and services they use. Consumer-facing businesses will require that their software vendors have privacy built into their products. As a result, there will be a move by software providers to market the privacy features they include in their products.

Want more of a deep dive into the DataGrail + Okta partnership? Listen in on the State of Identity podcast! Interested in joining Want to learn more about Okta Ventures? Check out our FAQ here and feel free to reach out to our team or submit your business for review.