The EU Data Privacy Regulation is the new best startup

Most likely, your personal data was stolen last year. With over 87 million Facebook profiles breached in the infamous Cambridge Analytica debacle and 145 million credit profiles stolen in the Equifax breach, more than half of Americans are recent victims of data theft.

During the latest congressional interview with Facebook CEO Mark Zuckerberg, much was discussed about policies enforcing privacy in the US.

While this would undoubtedly represent a step forward, the fact is that there is already a large set of data privacy policies that will take effect on May 25, 2018, known as the General Data Protection Regulation or GDPR.

Although the regulation comes from the EU, contrary to what is believed, it will affect the tens of thousands of companies based in the United States.

Zuckerberg himself was questioned about GDPR and, in a revealing take on his notes, indicated that Facebook still did not comply with GDPR.

Respecting GDPR requires a significant investment, but not doing so could jeopardize your customer relationship, while doing so efficiently will help you get ahead of your competitors.

Bottom line: GDPR compliance can provide a significant competitive advantage from a marketing and customer relationship perspective, whether it is necessary to get started or not.

Disclosure Time: I’m not a lawyer.

I thought about getting a JD once and I even bought an LSAT preparation book, but that was the closest I got. These tips are taken from conversations with lawyers and CEOs of startups.

What is the GDPR?

The GDPR focuses on data that can, directly or indirectly, identify an EU resident. It imposes a series of conditions on the companies involved in the processing of said data, whether they control the use of that data or simply act on behalf of another.

Here is a solid but digestible summary from a British law firm.

There is a wide variety of consent provisions, right to delete, data governance and more that will require significant changes for most new businesses affected by the GDPR. Which brings us to the critical question: which startups should care about GDPR?

Many CEOs with whom I spoke think that GDPR only applies to companies based in the EU. This is not the case.

The rules are “extraterritorial”, which means that they can be applied to companies involved in the processing of personal data in the EU in the context of marketing of goods or services and/or monitoring of people in the EU, wherever those companies are located.

But the new rules don’t end there. They also have “transfer” components, which means that any company that processes EU data must have a technology stack fully compatible with GDPR. So if you are a startup based in the US that only serves customers based in the US, but some of those customers process data from the EU, you may have to demonstrate GDPR compliance.

The GDPR sets penalties of up to 20 million euros or 4 percent of global profits (whichever is greater) for major violations, and regulators, armed with greater enforcement powers, show a strong inclination to use them.

But possible fines are probably not the most compelling reason for startups to invest in compliance efforts.

allowing them to serve customers who demand compliance and exclude competitors who cannot.

In the past six months, I have heard of a growing chorus of new CEOs whose clients have been asked to demonstrate GDPR compliance. This wave may accelerate after May, particularly for startups that serve more business-level customers.

New companies that invest in compliance will now be better positioned to generate a difference between them and their competitors in terms of addressable markets.

How do startups become compatible?

The GDPR is a body of rules that will be applied and interpreted in a specific situation. There is no seal of approval by a third party body indicating compliance.
