It's already our third interview in our #PrivacyMatters series and we've managed to catch Michael Kamleitner from Swat.io, which is a social media management solution for agencies and enterprises. Michael is also organizing SaaS Club Vienna. Curious about his privacy and GDPR challenges? 🚀
- Name: Michael Kamleitner
- Role: Founder & CEO
- Twitter: https://twitter.com/@_subnet
- Category: SaaS, Social Media management
What is your background?
I’m running two SaaS companies in the social media marketing space, I’m a software developer by trade, and I’ve been working in the field for 22 years by now (wow, time flies when you’re having fun building software!). Since I’ve always had a knack for entrepreneurship, I’ve also done my degree in Economy & Business administration.
While I never felt like a hardcore expert in either area, I’ve always considered myself “bridging” the worlds of software development and business. For me, that turned out to be the ideal sweet spot for my career. Besides SaaS, Social Media & Tech, I’m into (electronic) music and travelling (<showing a big smile>).
How did you end up founding Swat.io? And Die Socialisten?
After working for 10+ years in various roles as a (web) developer, I started my freelance business in the nascent years of social media (which we called “web 2.0” back then). In 2017 everything changed. Facebook launched its API, and suddenly every developer in the world was able to tap into this massive channel for distributing their (web-)apps.
We founded our company “Die Socialisten” soon thereafter, focussing exclusively on the creation and design of social media marketing apps on Facebook and other platforms (yeah, we even built apps for MySpace and German business network Xing!). Being the first software agency in the German-speaking markets focussing on social media development gave us quite a head start, and everything was good. Until in 2012, everything changed, again. After Facebook’s IPO, it soon became clear that our approach of building & spreading apps organically (“viral”, as we used to call it), was soon going to be obsolete - paid advertising was clearly becoming the main driver of Facebook marketing.
This would have been “game over” for “Die Socialisten”, if it wasn’t for this scrappy little MVP we had built to let our customers manage their companies’ Facebook pages. Doing community management & content publishing for a large audience was a pain back then, and our tool (which back then was just called “page manager”) filled a real need. It took us a year to convince ourselves that we had an actual “product” on our hands, but in 2013 we kicked off Swat.io and transitioned from an agency model to being a SaaS company.
How would you define your role?
I’m CEO at Swat.io. My main operative role is product management & -strategy, but I’m also deeply involved with my management team in marketing, sales and customer success. To be honest, I’m a bit all over the place, so the only way to make this work is having a class-A executive team!
Do you have separate privacy/data protection people in your team?
No - the core team of Swat.io is counting just 15 heads, a dedicated data protection role is a luxury we can’t afford. We split the responsibility among our team leads. Privacy, especially since GDPR, touches all our teams - sales, marketing and of course development.
Since we’re no trained experts in data protection, we’ve hired a third party to consult, audit and implement security & data protection together with us. In the field of software development, we try to implement a “privacy-by-default” approach and educate our development team in that regard.
We have a dedicated #gdpr channel on Slack, where we discuss in case a team member feels unsure about a specific question.
What are the daily tools that you use with your team?
We use a plethora of software products & tools – I even wrote a Medium article on the topic back in 2017! Our absolute must-have tools at the moment are Google Suite/Drive, GitHub, Slack and Notion. We also love Intercom, Drift and Satismeter.
I would guesstimate that we’re currently using around 50 SaaS products across the company, most of which we had to evaluate and sign specific data protection agreements with, in preparation of GDPR.
What is key to privacy at Swat.io? Any challenges? Pitfalls?
Obviously, legislation in the form of GDPR brought a ton of challenges in 2018. We spent a lot of money and time to evaluate our whole infrastructure and codebase etc. and even more to implement necessary changes. The main pitfall here is to believe “Ok, we’re done, we’re GDPR compliant now”. This probably will never be true, given that we’re often tempted to switch parts of our stack. I’d also say that the social media space we’re in is especially challenging in terms of privacy (he's referring to “Cambridge Analytics”).
If you had the chance to start from scratch with Swat.io, what would you have done differently to prepare for new privacy regulations?
Not a lot comes to my mind.
We’re happy and confident that we didn’t make fundamental mistakes in terms of privacy. One thing we might tackle earlier the next time is the control of data access of our employees (a constant tradeoff, given that e.g. customer support sometimes has to access a customer’s account).
Another thing is documentation - if you’re already a few years in and only then start to document things like data retention across your app, you’re about to have a lot of fun!
What are the biggest mistakes you see other companies make?
Through my work in our local SaaS meetup I’m in touch with a lot of younger founders just getting started in enterprise software.
For some, there’s a tendency to postpone privacy-related efforts. It’s of course 100% understandable that as a founder you’re trying to focus your scarce resources on those parts of the product that are actually visible to the customer, which “privacy” rarely is.
Speaking of, maybe that would be an interesting approach: investing in UI/UX that “sells” the value of privacy in a B2B SaaS. (he 😃😃😃)
What’s the hardest part of managing privacy for platforms like Swat.io?
As pointed out before, the hardest part is accepting that privacy regulations are an ongoing, never-completed challenge that touches on basically all parts of our organization.
Also, it might be sometimes hard to accept that privacy-by-default also means: not everything we’d like to do from a product-/technical viewpoint actually should be done.
This is especially frustrating when comparing with US-based businesses, which - at least at the moment - are better off in terms of regulations.
Which companies do you admire for their privacy approach and why?
How do you manage privacy and compliance? Any (SaaS) PrivacyTech you use?
We’re working closely with an external consulting agency for auditing and implementing security measures together with us. They also run a directory of software vendors and their level of compliance.
How do you get inspired? Who inspires you?
I find most inspiration by exchanging thoughts & experiences with fellow SaaS founders. Whether it’s at conferences or at our local meetup.
What’s next for customer privacy at Swat.io?
In 2017-2018 we did invest a lot in preparation of GDPR, and I like to think we’ve succeeded so far. In 2019, we’ll continue this path, keeping privacy front-and-centre in all our efforts. There are some exciting challenges ahead, e.g. when using machine learning on customer data. So I’m pretty sure we won’t be bored anytime soon!
Thanks for your time and great insights, Michael! Wishing great things with Swat.io and good meet-ups at SaaS Vienna.