Privacy Inside š”ļø Interview Michael Kamleitner from Swat.io
Itās already our third interview in our #PrivacyMatters series and weāve managed to catch Michael Kamleitner from Swat.io which is a social media management solution for agencies and enterprises. Michael is also organizing SaaS Club Vienna. Curious about his privacy- and GDPR challenges? š
- Name: Michael Kamleitner
- Role: Founder & CEO
- Twitter: https://twitter.com/@_subnet
- Category: Saas, Social Media management
What is your background?
Iām running two SaaS-companies in the social media marketing space, a software developer by trade and Iāve been working in the field for 22 years by now (wow, time flies when youāre having fun building software!). Since Iāve always had a knack for entrepreneurship, Iāve also done my degree in Economy & Business administration.
While I never felt being a hardcore expert in either area, Iāve always considered my self ābridgingā the worlds of software development and business. For me, that turned out the ideal sweet spot for my career. Besides SaaS, Social Media & Tech, Iām into (electronic) music and travelling (<showing a big smile>).
How did you end up founding Swat.io? And Die Socialisten?
After working for 10+ years in various roles as a (web) developer, I started my freelance business in the nascent years of social media (which we called āweb 2.0ā back then). In 2017 everything changed. Facebook launched its API, and suddenly every developer in the world was able to tap into this massive channel for distributing their (web-)apps.
We founded our company āDie Socialistenā soon thereafter, focussing exclusively on the creation and design of social media marketing apps on Facebook and other platforms (yeah, we even built apps for MySpace and german business-network Xing!). Being the first software agency in the German-speaking markets focussing on social media development gave us quite a headstart, and everything was good. Until in 2012, everything changed, again. After Facebookās IPO, it soon became clear that our approach of building & spreading apps organically (āviralā, as we used to call it), was soon going to be obsolete ā paid advertising was clearly becoming the main driver of Facebook marketing.
This would have been āgame overā for āDie Socialistenā, if it wasnāt for this scrappy little MVP we had built to let our customers manage their companiesā Facebook pages. Doing community management & content publishing for a large audience was a pain back then, and our tool (which back then was just called āpage managerā) filled a real need. It took us a year to convince ourselves that we had an actual āproductā in hands, but in 2013 we kicked of Swat.io and transitioned from an agency model to being a SaaS-company.
How would you define your role?
Iām CEO at Swat.io. My main operative role is product management & -strategy, but Iām also deeply involved with my management team in marketing, sales and customer success. To be honest, Iām a bit all over the place, so the only way to make this work is having a class-A executive team!
The Team
Do you have separate privacy/data protection people in your team?
No ā the core team of Swat.io is counting just 15 heads, a dedicated data protection role is a luxury we canāt afford. We split the responsibility among our team leads. Privacy, especially since GDPR, touches all our teams ā sales, marketing and of course development.
Since weāre no trained experts in data protection, weāve hired a third party to consult, audit and implement security & data protection together with us. In the field of software development, we try to implement a āprivacy-by-defaultā approach and educate our development team in that regard.
We have a dedicated #gdpr channel on Slack, where we discuss in case a team member feels unsure about a specific question.
What are the daily tools that you use with your team?
We use a plethora of software products & tools ā I even wrote a Medium article on the topic back in 2017! Our absolute must-have tools at the moment are Google Suite/Drive, Github, Slack and Notion. We also love Intercom, Drift and Satismeter.
I would guestimate that weāre currently using around 50 SaaS product across the company, most of which we had to evaluate and sign specific data protection agreements with, in preparation of GDPR.
What is key to privacy at Swat.io? Any challenges? Pitfalls?
Obviously, legislative in the form of GDPR brought a ton of challenges in 2018. We spent a lot of money and time to evaluate our whole infrastructure and codebase etc. and even more to implement necessary changes. The main pitfall here is to believe āOk, weāre done, weāre GDPR compliant nowā. This probably will never be true, given that weāre often tempted to switch parts of our stack. Iād also say that the social media space weāre in, is especially challenging in terms of privacy (heās referring to āCambridge Analyticsā).
If you had the chance to start from scratch with Swat.io, what would you have done differently to prepare for new privacy regulations?
Not a lot comes to my mind.
Weāre happy and confident that we didnāt make fundamental mistakes in terms of privacy. One thing we might tackle earlier the next time is the control of data-access of our employees (a constant tradeoff, given that f.e. customer support sometimes has to access a customerās account).
Another thing is documentation ā if youāre already a few years in and only then start to document things like data retention across your app, youāre about to have a lot of fun!
What are the biggest mistakes you see other companies make?
Through my work in our local SaaS meetup Iām in touch with a lot of younger founders just getting started in enterprise software.
For some, thereās a tendency to postpone privacy-related efforts. Itās of course 100% understandable, that as a founder youāre trying to focus your scarce resources on those parts of product that is actually visible to the customer, which āprivacyā rarely is.
Speaking of, maybe that would be an interesting approach: investing in UI/UX that āsellsā the value privacy in a B2B SaaS. (he ššš)
Your challenges
Whatās the hardest part of managing privacy for platforms like Swat.io?
As pointed out before, the hardest part is accepting that privacy regulations are an ongoing, never-completed challenge, that touch on basically all parts of our organization.
Also, it might be sometimes hard to accept that privacy-by-default also means: not everything weād like to do from a product-/technical viewpoint actually should be done.
This is especially frustrating when comparing with US-based businesses, which ā at least at the moment ā are better off in terms of regulations.
Your inspiration
Which companies do you admire for their privacy approach and why?
When preparing for GDPR, we sought inspiration with other SaaS companies a lot. I especially liked the transparency and human voice that Hotjar has been using to explain their efforts toward GDPR compliancy. I also like the āplain Englishā version of Zapierās privacy policy.
How do you manage privacy and compliance? Any (SaaS) PrivacyTech you use?
Weāre working closely with an external consulting agency for auditing and implementing security measures together with us. They also run a directory of software vendors and their level of compliance.
How do you get inspired? Who inspires you?
I find most inspiration by exchanging thoughts & experiences with fellow SaaS founders. Whether itās on conferences or at our local meetup.
Future
Whatās next for customer privacy at Swat.io?
In 2017ā2018 we did invest a lot in preparation of GDPR, and I like to think weāve succeeded so far. In 2019, weāll continue this path, keeping privacy front-and-centre in all our efforts. There are some exciting challenges ahead, f.e. when using machine learning on customer data. So Iām pretty sure we wonāt be bored anytime soon!
Thanks for your time and great insights Michael! Wishing great things with Swat.io and good meet-ups at Saas Vienna.
Johan
