The Munich-based startup Usercentrics was founded at the beginning of this year and quickly established itself as the market leader in the field of consent management platforms (CMPs). The software-as-a-service solution enables users to obtain, manage, and document their consent to data processing on websites in compliance with data protection regulations. With its technology, the young company met the requirements of the German Federal Data Protection Act (BDSG) in 2018 due to the new GDPR with their customers aon open ears, received a Million-dollar financing and currently employs over 20 people. The three Usercentrics founders take turns answering our seven questions.
1. Who are you and what do you do?
Mischa Rürup (CEO): We founded Usercentrics in Munich at the beginning of 2018. It all began when I met Vinzent Ellissen (CTO) through the network of my then advertising technology company, intelliAd. Vinzent has a technical background with a strong focus on data protection. Later, Lisa Gradow (CPO) joined the team. As a lawyer, she not only brings extensive legal knowledge, but also previously developed an app for GDPR end-customer rights. We all had contact with data processing before our founding and therefore quickly agreed that handling data now and in the future is unthinkable without proper data protection. Usercentrics was born from this fundamental idea.
Vincent Ellissen: With Usercentrics, companies can meet the technical challenges of the General Data Protection Regulation. We are a software-as-a-service solution that enables website operators to obtain visitors' consent to collect and further process their data, for example, to display advertising. For this purpose, we have developed a so-called Consent Management Platform (CMP).
Usercentrics does not want to “irritate internet users”
2. But that's been around for a long time!
Vincent Ellissen: What we primarily want to achieve with our product is to be the link between companies and internet users. We combine the interests of both sides: the companies that rely on user data for their business and the users who demand more transparency and control over their data.
In practice, an internet user visits a website and is informed via a cookie banner or pop-up from Usercentrics that a website operator wishes to collect personal data, and for what purpose. The user then has the option to consent or decline. This decision can be changed at any time using our tool. The user does not have to leave the site to do so, as the Usercentrics privacy button is always accessible, and just a few clicks are enough to view the settings. A very important factor for us is not to irritate the internet user. For this reason, the design and appearance are also adapted to the respective website. Our customers have maximum flexibility in how they use and design Usercentrics. We are not a static solution.
The GDPR and panic on the market: Usercentrics was able to scale quickly
3. What has been your biggest challenge so far?
Lisa Gradow: Shortly before May 25, when the GDPR came into force, there was great panic in the market. Accordingly, we were overwhelmed by the onslaught and reached our operational and technical limits. We had to react quickly and scale our platform and team to serve all customers and successfully onboardBut that also forced us to move forward faster. You know how it is: under high pressure, you suddenly get things done in a much shorter time. We now have about 20 people, and everything runs according to controlled channels and processes, which definitely makes working more pleasant. If the (next) wave of cease-and-desist letters comes along or a decisive ruling causes another panic in the market, we'll be prepared.
Planned: Series A for international expansion
4. Let’s get down to business: How is business going?
Mischa Rürup: We were founded less than a year ago and we were able to successfully launch our first financing round and will soon begin fundraising for Series A. Although we are almost break-even, we want to use the capital to finance rapid expansion into other European and, in particular, the American market.
At the beginning of 2019 we will start with the state German Accelerator program, we will venture into the US market and build an independent team there. The US is an important market for us because the GDPR is an extraterritorial law, meaning it applies to all companies worldwide that have European customers or users. This naturally includes many US companies. In addition, a new data protection law will come into effect in California at the beginning of 2020, and there are also efforts at the federal level to introduce new data regulations.
5. What does Munich mean to you?
Vincent Ellissen: All three of us were previously active in the startup scene and helped develop the ecosystem. We feel at home here and want to continue contributing to Munich's growth and prosperity as a startup hub. Data protection, security, and privacy are also a good fit for Bavaria and Munich. It's not for nothing that the most politically important security conference takes place here.
Elsewhere people are 'hungrier'
Lisa Gradow: We're fortunate enough to have found a fantastic office at Viktualienmarkt. On the 5th floor, we're practically eye-to-eye with the 'Lion Tower' at Rindermarkt, the last remaining section of the city wall built by Henry the Lion in the 12th century. This special energy of the place is palpable in our office, which is why we installed a similar red brick wallpaper to bring this strength into our home, so to speak.
What we miss in Munich, however, is the internationality of talent and a certain 'hustler mentality.' Work-life balance is very important to many people, which naturally hampers the dynamic. In other cities like Berlin, London, or New York, people are hungrier, hustling more—it's contagious and drives you to new heights.
“Data protection is ‘the new normal’”
6. How will your startup become the next unicorn? Or will we see you soon at Epic Fail Night?
Lisa Gradow: It simply cannot be denied that the General Data Protection Regulation established important fundamental principles and is here to stay. Even if it currently feels more like the calm before the storm, there are already a few GDPR lawsuits and rulings against companies. The UK's top data protection authority has even issued a warning to a Canadian company not based in the EU. Furthermore, the ePrivacy Regulation, which provides even stricter regulations to protect consumers and their data online, is already in the starting blocks. California, India, and other countries are following a similar path. Data protection is essentially 'the new normal.'
Mischa RürupCompanies that embrace this as quickly as possible and work with foresight on technical implementation will be prepared for the challenges ahead. We at Usercentrics will support them with innovative and pragmatic solutions.
7. Hiking or beer garden?
All three founders agree on this: hiking with a long break at the hut and a cold beer!
