Why We Invested in DataGrail

Evolution of Data Privacy

In 2018 the tech world was scrambling to adjust to Europe’s then marquee data privacy law, the General Data Protection Regulation (GDPR). The big vision was to harmonize data privacy laws across all EU members under seven key principles (lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability) that broadly made rules around handling consumer data more fair, transparent, and secure. Each of the principles already existed in one form or another, but GDPR was the first to seriously introduce the principle of accountability into the mix. Not only did companies have to minimize, restrict, and protect user data, they now also had to inform users what data was collected, and give them the ability to control what can be done with that data.

The biggest companies in Europe either threw employees at the problem or ignored it altogether, a sizeable headache for many. Those that did nothing could not ignore having to pay hefty fees (4% of global revenue) and not everyone figured it out. Amazon Europe was fined EUR 746M in 2021 for failing to comply with GDPR, almost 3 years after the law went into effect. The law itself had a chilling effect on the entire world. Companies in the US who wanted to do business in Europe implemented solutions to serve European customers, and by extension offered these new protections to US customers. US states slowly followed suit introducing deeper privacy laws of their own.

It’s not just regulation that drives concern around data privacy, it is fundamentally in the cultural zeitgeist from big LinkedIn/Equifax/Facebook data breaches to the most recent controversy in women’s health. It is certain this keeps even politicians up at night and is the driving force behind new data privacy laws in modern democracies all over the world. Starting with 2023, California is bringing an even more restrictive data privacy law (CPRA) to one of the world’s most robust tech markets. As tech investors, we see supporting data privacy technologies as one of the best ways to ethically steward the use of data in its ability to benefit our economy.


Launched in 2018 in San Francisco, DataGrail was built to help enterprises automate data traceability and privacy compliance in line with GDPR requirements. The team saw explosive growth with large and mid-sized enterprises looking for a solution. The pain was biggest for those looking for a scalable long-term approach for managing immense volumes of data privacy requests. Imagine needing an entire customer support organization within a company whose only job is to keep tabs on every bit of customer data and to be able to collate it or remove it at a drop of a hat. For some companies, a non-scalable approach like this, even with a workflow tool, was simply financially untenable. DataGrail was built with this in mind, with automation and scalability first.

Enterprises can now automatically map user data across all their systems and respond to customer requests at the click of a button. Every step of the process is well refined, with the team going so far as to build and patent unique technologies for every step, enabling DataGrail customers to authenticate, search, and deliver data requests securely and with incredible efficiency.

Why did we invest?

When one of our VC friends at Felicis Ventures suggested we have a look at DataGrail, we went deep on the market to see where the opportunity was, since after all GDPR was enacted almost four years ago. What first grabbed our attention was the rapid market growth (40%+ Y/Y) driven both by consumer pressure and by emerging regulation. We think that California’s CPRA (2023) will be another major catalyst for industry growth and will reinforce the need for platforms like DataGrail for years to come.

Second, what surprised us was that many of DataGrail’s contemporaries either tried to be an incomplete all-in-one solution for privacy and security, or they offered an anemic workflow that failed to scale. DataGrail’s approach to first deeply focus on automating data privacy resulted in a robust tech platform that we believe, in the long-term, will outcompete their closest rivals. This platform enables the company to address the burgeoning middle-market, for which competing solutions are weak, and enable it to adapt to future regulation and new opportunities more easily in data privacy and security.

Lastly, we believe in Daniel Barber’s ability to lead his team at DataGrail to execute at the highest level. Despite the tailwinds, it is still a challenging market, and it requires an immensely customer-oriented team like DataGrail to continue to win. We’re excited to join DataGrail on their journey.

Link to the announcement: https://www.datagrail.io/blog/company/datagrail-funding-2022/