What tech start-up founders need to know about data protection

Navigating through personal data privacy and protection can be challenging, especially when starting a new business. Since May 2018, companies need to comply with the General Data Privacy Regulation (GDPR) created by the European Union. In the UK, the GDPR became part of the Data Protection Act in 2018 while its countries were still under EU Law.

What is considered personal data?

In short, any information that can be used to identify a person directly or indirectly is considered personal data. Name, address, e-mail, IP address, date of birth, genetic, biometric and criminal conviction information are just a few examples.

How does GDPR apply to start-ups?

As soon as users start accessing your website, downloading your app, or your start-up has staff and service providers, you will be gathering data. All companies need to:

● Have a designated data protection officer (DPO);

● Have a clear and accessible Data Privacy and Protection Policy compatible with the type of business and data collected;

● Be transparent about the data they are collecting and based on consent;

● Have clear security policies in case of a data breach.

When is the best time for founders to focus on a Data Privacy Policy?

The sooner, the better. Preferably from the seed stage. The type of data you will collect and share with others, either for services you might use, customers or partners, need to be thought through from the very beginning.

Services like Trust Keith, a start-up focused on ensuring you have the right tools, policies and staff training needed to comply with GDPR and guarantee your website or app is safe for everyone involved, from staff to clients, is a great choice if you want to take the DPO weight out of your shoulders so you can focus on growing your start-up.