Privacy is a human right. With all the reasons startups fail, make sure privacy isn’t one of them.
Nigel Jones, ex-Google lawyer and now co-founder of Privacy Compliance Hub, says a growing startup's early days are the right time to get your ducks in a row when it comes to privacy compliance.
It's easy to get caught up in the fast-paced world of building a startup. Most entrepreneurs start with the spark of an idea, or a problem they think they can solve. They hire engineers to build the product. They begin attracting customers and plan future growth, investments, and features on the product roadmap. And they start collecting data. But it is rare that they have stopped for a second to think about privacy.
This is a problem. Because privacy really matters.
And it’s down to businesses of all sizes and across all sectors to protect this fundamental human right.
Making a public commitment to privacy is also good for business. A tremendous 92% of the British public say they feel uncomfortable about the number of businesses that collect data about them, and 41% say they will never go back to a business after an infringement. Investors are interested in whether companies are complying with privacy laws, and emphasize this factor when conducting due diligence. After all, a breach of the UK General Data Protection Regulation (GDPR) can result in significant reputational damage and come with heavy penalties. The Information Commissioner's Office (ICO) has the power to fine a company up to 4% of its worldwide turnover or £17.5m (whichever is higher) for breaches of the UK GDPR. It has also recently gone public with its intent to name and shame companies going forward.
With that in mind, here’s how startup leaders can make privacy a priority from day one.
Focus on your people
It's easier to build an effective privacy culture when you're overseeing a team of 50 than 500. With 88% of data breaches due to human error, it makes sense to focus your privacy program on the people within your organization. Make sure a comprehensive training strategy is in place with frequent refresher sessions. This is especially important with the shift to hybrid working, as phishing attacks are on the rise in frequency and complexity. Once your team is big enough, recruit Privacy Champions to keep compliance on the agenda in every department. When employees understand privacy, they care about it and are willing to play their part in protecting it every day.
Consider your processes
The influx of Big Data has opened up endless opportunities for innovation in the startup world. But this becomes problematic when it comes to privacy, not least because many businesses quickly overreact to information. Start with an audit of what personal data the business collects, how it is processed, where it is kept (and for how long), and what happens to it when it is no longer needed. This exercise will help you streamline workflows to ensure that data is being processed at every stage in accordance with the law. You will also have the information you need to be transparent with customers about what data you are collecting and why – a key requirement of the UK GDPR.
Be careful about sharing data externally
It is a fact of modern-day business that organizations increasingly share data with each other. But the UK GDPR requires you to share personal information only with companies that take privacy seriously, just like you. If one of your partners has a sloppy approach to compliance that causes a data breach affecting your customers, you risk heavy fines and reputational damage. Question whether it is necessary to share personal information externally. If so, make sure that your team is taking the necessary precautions and that an appropriate agreement is in place before you start sharing data with any other organization. The responsibility always rests with you, even if the violation was solely down to your partner's actions.
Get the Executive Team on Board
Too often, privacy is viewed as the responsibility of a single IT or legal leader, not something that encompasses the entire organization. Employees are more likely to follow your lead if you make it clear that this is something that you and the rest of the leadership team care about. Put privacy at the top of the table by including it on the agenda for board meetings, and appoint a key person to take ownership of driving progress. One needs to be able to look ahead and ask: what are the implications of what we are building – in the short, medium and long term? It's always better to build a dam well the first time than to try to fix it after it leaks. In fact, it is a legal requirement under the UK GDPR.
Commit to developing a culture of continued privacy compliance over the long term
Privacy is not a tick-box exercise that ends before it begins. This is an ongoing effort that will become part of your startup’s culture. Getting privacy right in the early days means that customer data will be protected and treated with respect as the business grows and adapts. It drives innovation – when employees know exactly what they can and can’t do with the data, they feel empowered to act. It builds your reputation as an ethical company among customers and your future talent pool. And it puts you in the best position to expand into new markets or services, and to expand faster than your competitors.
Keen to make sure you're compliant? Take the free 10-minute GDPR health check here.