Talk by Marcel van der Heijden, SpeedInvest & Aircloak (Silicon Valley | AT | DE), at Stanford on Feb 26 2018, in our session: 'New EU Data Privacy Rules : Lessons & Risks for Silicon Valley Corporations & Startups || GDPR'. Website: http://www.StanfordEuropreneurs.org YouTube Channel: https://www.youtube.com/user/StanfordEuropreneurs Twitter: @Europreneurs

1. Speedinvest Vienna | Silicon Valley
GDPRHow Large is GDPR’s Impact on Companies
and Industry?
Marcel van der Heijden
Partner, Speedinvest
marcel@speedinvest.com
Stanford Engineering School | Feb 26 2018
1

2. About Speedinvest
Started mid-2011 in Vienna, Si 1 $12M from 34 LPs
Si 2 $118M from more than 100 private LPs
Si x $25M marketplace fund
US$ 145M
Capital Raised
55 | 7 In the past 7 years, we have looked at more than 7.000 startups and made
80 investments in 13 countries. By 2017, we have already exited 8 out of 20
startups from Si1 while having only 2 write-offs.
100%
Digital
We invest in early-stage digital startups.
We focus on FinTech, DeepTech, Digital Media & Consumer Internet.
Our target region is Central and Eastern Europe with a strong US link.
We are a VC with entrepreneurial focus and unique operational approach.
Working side by side with founders is key to our success.
Investments Exits

3. Speedinvest Vienna | Silicon Valley | Munich | |
KEY SUCCESS FACTORS
Page 3Speedinvest Intro 2017
SUCCESS STORIES
Operational involvement
• 2 Speedinvest partners are located in Silicon Valley and
support our companies in their go-to-market
• New Enterprise Associates (NEA), the world’s largest VC
fund by volume, is invested in Speedinvest 2
• Speedinvest invests operational resources of its senior
partners in return for additional equity shares
• The program significantly reduces the risk and leverages the
capital base of investors
Bridge to the US
• Speedinvest clear market leader in Central Europe, FinTech
ranked #1 in Europe
• Close relationships with global VCs and Tier-1 investors
Dealflow and partnerships
Shpock
Exit with >30 multiple CoC
Hitbox
Global #2 in eSports, exited
Holvi
Exited to BBVA
Wikifolio
Social trading with >500M AuM
Wefox (FinanceFox)
#1 InsurTech deal in Europe 2016
Bitmovin
$10M by Atomico.

4. Speedinvest Vienna | Silicon Valley | Munich | |
Size of Compliance Market
4
Enterprise GRC market: $22B (13% YoY). GRC consulting largest
service category (39% share)
GDPR growth driver in Security spend
PwC Survey (US Multinationals)
• > 50% say GDPR is their top data-protection priority (only 7%
said it isn’t a top priority)
• 77% plan to spend $1 million or more on GDPR
Deloitte EMEA Survey
• 39% of orgs spend < €100K, while 15% spend > €5M million.

5. Speedinvest Vienna | Silicon Valley | Munich | |
Deloitte EMEA Survey
Only 15% expect to be fully compliant
by May 2018, (most aim to create a risk-
based, defensible position)
Ready?
Survey FTSE 350/Fortune 500
94% believe they are on track to comply
with the GDPR by 25 May 2018
But < 50% have set up an internal GDPR
taskforce
Only 45% had done a GDPR readiness
assesment
Page 519/04/17

6. Speedinvest Vienna | Silicon Valley
Anecdotal…
Last year in the US
• Privacy budget sat with CPO/Legal
• Service budget, less than $100K
• No privacy budget with functional
owners
• Priorities: Assessments, Gap
Analysis, Data Mapping
• Exceptions: Tech companies with
global footprint (e.g. Uber, Apple,
Google, …)
Europe > 1 year ahead of US
This year
• Functional owners now own the
problem
• Allocated technology budgets.
• Priorities: fixing the data
“plumbing” (fundamentals) – little
retooling
• No company considers itself
“ready” by May – 2/3 year
budgeting outlook (this is not
Y2K).

7. Speedinvest Vienna | Silicon Valley | Munich | |
Anecdotal…
• Top Sectors: Financial Services, Healthcare
- Additional US Sectors: Large/Global Online, SaaS players
• Scrambling: Startups and US co’s that picked up EU users
- More flexible – can act but not sure what to do, so wait and see…
- Rise of the GDPR trolls
- Existential threat for Ad/MarTech?
• Limited platform tech updates from tech vendors
• No GDPR tech sector emerged, no specific VC focus
- Privitar: 16M round, Aircloak, 1.3M round
19/04/17 Page 7

8. Introducing Aircloak
Deliver a simple, safe way for all organizations, use cases and data types to unlock
sensitive datasets while retaining great data value / fidelity by using a general purpose
anonymization technology

9. Example Use Cases
9
Finance
• Include 3rd party data in customer
analytics and credit scoring
• Transaction analytics w/o need for
third parties
Online
• High quality segmentation for
targeting
• Deeper customer insights
• Monetize insights, share with
partners and customers
Healthcare
• Open big health databases to
insurance, researchers and
government
• Reporting and monetisation
Communications
• Central marketplace for brokering
data from different organizations
• Making geolocation
data/metadata available to
partners and customers

10. Case Study:
Aircloak Introduction Deck CONFIDENTIAL 10
Situation
•TeamBank (2nd largest bank in Germany) collects 1st and 2nd party financial
transaction data. Wants to better use data analytics to improve the quality of its
service and customer targeting – in a GDPR compliant way!
Complication
•Internal approval process for (exploratory) data analysis was complex and slow
(weeks). Once approved, the data pseudonymization by a 3rd party vendor took
another 1-2 weeks.
•Some analysis was impossible as much of the customer intelligence resides in
free text fields à non-compliant analytics
Solution
•With Aircloak the full data is accessible in real-time for analysis, yet individuals’
privacy fully protected by design
•TeamBank’s approval process is now instant for analysis done through Aircloak,
giving stakeholders full freedom to perform customer analytics.
•Exploring sharing data beyond internal stakeholders, extend to DZ Bank group
Why Aircloak?
“Aircloak provides instant
compliance, also when business
conditions change – no need for
lengthy case-by-case audits.
Just run any analysis you need to
and let Aircloak Insights
automatically take care of privacy.”

11. Case Study: Global Airline
Situation: Create better travel recommendations for Airline’s
customers
Complication: Privacy regulations prevent using 2nd party
customer data in machine learning predictive analytics
Using anonymized data presents compliance/risk challenges
and reduces the quality of the analytics too much
Solution: Using the Aircloak API the company is able to
implement its selected predictive analytics methods using
anonymized query results
The company can now make improved travel
recommendations, increasing frequency of purchased and
basket sizes.
Recommendation
Engine
use of
some customer
data legal (opt-
in)…
…use of
others not.
Aircloak unlocks data

12. Aircloak Introduction Deck 12
“Aircloak [...] opens up new
opportunities for using data and
increasing business intelligence,
while mitigating security
compliance risks.”
Mike Flannagan, VP & GM Data Analytics
“I am impressed by the simplicity
of your approach and effective
cloaking of results”
Mical Ficek, Telefonica Research
CNIL has “not identified any
obstacle in the described
principles to the three criteria of
the WP29 on Anonymisation
Techniques”
CNIL
“The Aircloak interface allows
accessing full data fidelity while
maintaining absolute privacy of
end users.”
TeamBank
“Aircloak aims to allow for the
collection of Big Data without also
collecting little data about
consumer’s life”
IAPP
“Remove the need for people to put
their trust in a data collector”
Forbes