The post-2018 data protection landscape II
In this second part we will look at some more aspects of the GDPR and formulate ways for the startup community to stay inventive in the EU.
The more severe in terms of red tape may be the requirement to appoint a data protection officer who, just to be clear, is not the same as the lawyer that ensures the compliance with the GDPRs obligations. The DPO is the contact point to your DPA (Data Protection Authority) and will educate your staff on how to go about personal data treatment.
Startups should will have to accept that the first 10 employees will probably include one lawyer and one data protection officer. Hurray!
The regulation further formulates several other carve-outs for micro, small and medium-sized enterprises which are laudable and surely represent the “backbone” of the EUs economy. As we outlined earlier however this will not affect most tech startups because of the role data processing plays in most of their business models. As it stands now, most startups will have to comply with the same obligations as tech giants.
So how should startups themselves but also incubators, accelerators and startup associations prepare for the gdpr-day in 2018?
- Be aware that data protection will play a bigger role in your ecosystem and deal with it proactively. It will affect the ability to innovate fast and already small startups will have to hire DPAs. Programmes should include compliance with data protection and think about how innovation can still happen.
- Team up and innovate, one of the more useful aspects of the GDPR is that it is possible to establish a code of conduct for a group of processors. Startups that operate in the EU can develop industry standards that ease the burden of compliance.
- Speak to your users and make sure they understand how their personal data relates to your service. This will ease some of the bumps in user experience. Also explain why users will not get access to some of your services in the EU.
- Speak to DPAs, next to mentors, investors and consumers your local Data Protection Authority will become a new friend of yours. Explain your business and make sure DPAs understand the upside of innovative businesses.