How To Get Your Startup Ready For The Upcoming GDPR

Published on:

The EU legislators want organizations of all sizes to take accountability for the data they collect, store and share. Previously, data protection has often been a pre-ticked box form, but now GDPR puts end-users more in control on how their personal information is being collected. Here's what this implies for your startup:

The GDPR also gives individual data subjects more understanding of what is being done with their information. For up and coming startups, it means that they’ll need clear signposts around their websites about what is happening to their users’ data.

Internet Companies & Trust

According to a Eurobarometer report on online shopping and subscription habits of Europeans, 81% of them have no or partial control over their data. In addition, the leading public opinion poll across the EU has revealed that a majority of people are uncomfortable about internet companies using their private information and online activity for optimization and advertising.

What Data Is Essential For Your Business?

If you act as both a controller and processor of data, you have to work with the best practices in mind for both approaches. With so many data-based tools that businesses use, the GDPR compels you to consider exactly how much of this data you need. If you partner with a reputable data supplier, you can ask for a unique identifier for every piece of data. That will allow you to track its source and every verification point.

Although businesses, in general, have paid special attention when it comes to using customer’s personal data, the GDPR puts it in the spotlight. It ensures that you are truly upholding a customer-service relationship with the people who trust you with their personal data. So ask yourself, are you using e-marketing and social media approaches responsibly and in a way that builds a customer relationship?

Also, there is a question of relevance. If you can’t account for your data and can’t find any use for it, better start getting rid of it now. Even with the data you need, see if there is any space to abbreviate some of it, like for example full postal codes.

How Does Your Business Use Personal Data?

Once you revive what your business is doing with personal data, you need to do some data-mapping. Count in all the activities across your business operations, both in-house and customer-related. Determine what data you collect, how you are using it and who has access to it. Once you’re finished, you can make adjustments and look for weak spots. For example, you may be collecting more data than you need to store.

You may hire an external GDPR consultant or work by yourself. If your business is just starting out, the whole procedure will be much easier, as you’ll be implementing sound procedures from scratch. The Information Commissioner’s Office website and the EU’s data protection website have published help and guidance with many useful resources to follow. Look at the data you collect and assess the data security and access rights. Most of these issues follow a common sense and you can easily solve them yourself.

Just to compare how much easier this is for startups, take Callcredit Group for an example. With 1,300 employees across the globe and hundreds of millions of data transactions per month, they had programs running for 18 months checking all their products and services for possible data abuse.

Liabilities & Penalties

A lot of articles on GDPR start with a premonition that any failure to meet new regulations involves dire consequences. In EU law practice, privacy is considered one of the human rights, so every business that profits on personal data needs to take the GDPR seriously. It applies to multinational corporations as well as one-man startups, which can be fined 2% of their annual worldwide revenue or €10 million for non-compliance, and 4% of the annual worldwide revenue or €20 million for neglect. Still, it is a principle-based law, and how you are fined may be proportional to the size of your business.

How Can Startups Benefit From GDPR?

The regulation change has been made with the citizen – consumer in mind. They have more control over how their personal information is handled by businesses, including the right to be forgotten. The fact that your clients can trust you with their personal data can be a huge bonus for your reputation.

Although startups may think that dealing with GDPR isn’t worth it because there are bigger targets for institutions to go after, it’s always good to make a good legal foundation before the onset of your startup journey. It can be much harder later on when your structure expands and you indeed become a more visible target.

 *This article is not a legal instruction. This information is supplied without liability.*


Sharing is caring!