How SpatialChat Kicked Off Their GDPR-Compliance Process
- With Legal Nodes help SpatialChat team got to know what they need to do for GDPR compliance and received a roadmap of precise actions.
- The Legal Nodes team drafted vital documents, which has helped SpatialChat work with clients from the EU and fill out 20+ customer questionnaires per month.
About the Company
SpatialChat is a SaaS platform that helps people host virtual events. Unlike Zoom or Google Meets, SpatialChat allows you to create a space where people can explore and join different breakout rooms, attend virtual lectures, and use other interactive features.
SpatialChat was founded in April 2020, and the company already has over 250,000 monthly users who host virtual events on the platform. The global pandemic has accelerated the demand for tools that help teams and event organisers create unique virtual experiences focused on engagement, and SpatialChat is riding the wave created by this demand.
The Challenges of GDPR for a Startup
SpatialChat was incorporated in Cyprus (EU), and the team understood that GDPR compliance is an essential step to work with EU users and customers. At the same time, SpatialChat's team started getting customer requests for information on how the company protects customer data and what data policies have in place.
"For me as a serial founder, but first-time B2B SaaS founder, it was essential to learn about compliance in this context, since I never did that before. We found out it is important for customers in our niche to have legal compliance. We started with GDPR." - Almas Abulkhairov, CEO @ SpatialChat
Almas started his research to find out more about the topic and potentially hire a partner that will help them kick off the GDPR compliance process. But what he found was that GDPR services were more expensive than a startup could afford.
"I researched a bit and found out about DPOs, RPAs and more, and these things were complex and very expensive. For companies that have existed on the market for many years, it's less of a problem because they can hire a professional legal team to handle this, but when you are a new bootstrapped startup, you start to think, "how can we afford it?" - Almas Abulkhairov, CEO @ SpatialChat
But luckily, Almas found out about Legal Nodes from his network. Given our experience working with early-stage startups, we offered SpatialChat a quality service that was affordable and accessible for his startup. We started our cooperation to set up the foundations required for GDPR compliance.
Finding GDPR Solutions for Bootstrapped Startups
Our first goal was to increase internal awareness about data protection and GDPR principles. We started with an introductory GDPR workshop for the whole team.
Following the workshop, we built a GDPR roadmap tailored to SpatialChat's business processes that included what the team had to achieve in the immediate 3-6 months to ensure the data protection compliance fundamentals.
"LegalNodes and Vlad Nekrutenko from their team were essential to our company SpatialChat to establish our GDPR compliance. A personal thanks to Vlad, who led GDPR training for my team. He was able to explain complex GDPR concepts in plain and simple to understand language" - Almas Abulkhairov, CEO @ SpatialChat
After we started implementing the roadmap, our team also worked with SpatialChat's team to prepare the essential documents and internal policies like the record of processing activities and the Data Processing Agreement for their clients. Having these documents and procedures in place has helped SpatialChat onboard clients from the EU and meet basic GDPR compliance requirements.
One of the other challenges SpatialChat faced was the data questionnaires they had to constantly fill out for their clients. Our team helped to draft the internal policies and responses to these questionnaires. These drafts allowed SpatialChat to sign contracts with new clients and complete dozens of these questionnaires each month, which is a part of regular vendor checks for EU companies.
"Vlad drafted our key GDPR compliance documents. When I started this GDPR compliance journey, I dreamt about "GDPR as a service", but everyone I knew told me that these services don't exist. Well, I found out about Legal Nodes, and I learned that the service does exist! And the result of their work granted us a right to be called "GDPR compliant", and we've been able to attract so many more customers from the EU" - Almas Abulkhairov, CEO @ SpatialChat
GDPR-as-a-Service for SpatialChat
As a result of our cooperation, SpatialChat has raised internal data protection awareness, built the essential processes and set up the necessary documents in place to work with clients from the EU. With these GDPR compliance foundations securely in place, the SpatialChat team can continue their journey to protect their customer data and improve their processes by obtaining certifications like SOC 2 Type II.