saas.unbound is a podcast for and about founders who are working on scaling inspiring products that people love brought to you by https://saas.group/, a serial acquirer of B2B SaaS companies.

In episode #11, Anna Nadeina talks with Stine, CEO, and Co-founder of Openli, helping companies comply with the GDPR and scale their privacy efforts.

The Importance of Security and Compliance for SaaS

As SaaS companies scale and seek to attract larger enterprise customers, the need for robust security and compliance measures becomes increasingly critical. Stine Mangor Tornmark, CEO and Co-founder of Openli, has extensive experience in this domain, having previously worked at Trust Pilot where she built out the legal team and managed GDPR compliance for the company’s global operations.

Stine emphasizes that security and compliance should be viewed as a core fundamental principle for any modern business, not just an afterthought. She likens it to maintaining a house – it’s much easier and more cost-effective to build it right from the start than to have to constantly patch and repair issues that arise from neglect. The same principle applies to a SaaS company’s security and compliance posture.

 

When to Start Thinking About Security and Compliance

 

Stine advises that it’s never too early to start prioritizing security and compliance, but acknowledges the challenges faced by young, early-stage companies. When a SaaS company is still figuring out its product and business model, it can be difficult to justify the investment in compliance tools and processes.

However, Stine recommends that companies start seriously addressing these concerns as soon as they begin gaining commercial traction and acquiring their first set of customers. This is the point where security and compliance become a “license to operate” – enterprise customers will expect and require a certain level of maturity in these areas before doing business.

Waiting until later stages to address these concerns can be significantly more costly and time-consuming, as companies often end up in a situation where they have to “clean up” a patchwork of ad-hoc solutions. By proactively building a solid security and compliance foundation early on, SaaS companies can save time and money in the long run.

 

Common Issues Companies Face

Stine has observed several common issues that companies encounter when they come to Openli seeking help with security and compliance, often when they’re pursuing their first enterprise customer or going through a fundraising round:

  1. Lack of documentation and operationalization: Many companies have basic elements like a privacy policy and data processing agreements in place, but lack the ongoing processes and tools to manage compliance on a regular basis.
  2. Reliance on manual labor: Companies often try to manage compliance through spreadsheets and manual efforts, which becomes unsustainable as the business scales.
  3. Lack of awareness around emerging risks, such as AI integration: As AI becomes more prevalent in SaaS tools, companies struggle to understand where their data is being used and how to ensure compliance.

Stine emphasizes that security and compliance are not one-time exercises, but rather an ongoing effort that needs to be woven into the fabric of a company’s operations. Automating and operationalizing these processes is key to maintaining compliance as the business grows.

 

Openli’s Plans for AI Integration

Recognizing the growing importance of AI in the SaaS landscape, Openli is exploring ways to leverage this technology to enhance its own internal processes and offerings. However, Stine is cautious about rushing into AI implementation, prioritizing a thoughtful and measured approach to ensure that Openli’s core mission and values are not compromised.

Stine notes that many companies are quickly adopting AI without fully understanding the implications, particularly around data privacy and compliance. Openli aims to provide its customers with the tools and guidance to navigate these challenges, empowering them to maintain control over how their data is used to train AI models.

 

Sales-Led Approach and Pricing Strategy

Openli has opted for a sales-led approach to customer acquisition, rather than a pure product-led growth model. Stine explains that in the security and compliance space, it’s essential to have a consultative sales process to ensure that customers understand the nuances of the offering and purchase the right package for their needs.

Openli’s pricing is not publicly listed, as the company tailors its solutions to each customer’s specific requirements. Stine believes this approach helps to build long-term, sustainable relationships with clients, rather than simply “stuffing” a product down their throats.

 

Building a Community and Educating Customers

One of Openli’s key growth strategies is the development of a strong community around legal and privacy topics. Through a newsletter, podcast, and other educational content, Openli aims to raise awareness and understanding of the evolving compliance landscape.

This community-led approach serves multiple purposes: it helps to educate the market, generates inbound interest in Openli’s solutions, and allows the company to better understand the pain points and needs of its target audience.

 

Concerns about AI and Society

Beyond the business implications, Stine also expresses personal concerns about the rapid advancement of AI and its potential impact on society. She worries about the pace of change outpacing society’s ability to adapt, leading to widespread job losses and the potential for AI-powered manipulation of elections and other critical societal structures.

Stine believes that as a society, we are not yet fully prepared to handle the profound changes that AI will bring. She calls for a more thoughtful and measured approach to AI implementation, with a focus on ensuring that the benefits are equitably distributed and the risks are mitigated.

 

Advice for Founders

Stine’s key piece of advice for founders is to not underestimate the importance of security and compliance, even in the early stages of a SaaS company’s journey. By proactively addressing these concerns, founders can save time and money in the long run, while also positioning their companies for success in the enterprise market.

Additionally, Stine recommends that founders seek to understand the specific pain points and needs of their target customers, rather than simply relying on templates or advice from lawyers. Building a deep understanding of the customer’s perspective can help founders craft more effective solutions and sales strategies.

Head of Growth, saas.group