When building your company, particularly if it’s a tech company, user privacy and data protection regulations are likely to be one of the last things on your mind. There are way too many other things to worry about.
Yet still, looking at a big business like Google getting into trouble with European authorities due to personal data protection and ‘the right to be forgotten’, it would be somehow naïve to expect that you as a small business can get away with not being concerned about it at all.
Even more so if your business is largely or at least to some extent about gathering user behaviour information and data analytics. These are three reasons why tech startups should care about user privacy and data protection – and how to address it:
1. User data is likely to be one of your key company assets. And a heavy regulated one too. Imagine making cars or aircraft and not being interested in road traffic or air traffic regulations? The answer is simple: your vehicle would not be allowed on the road, and your airplane would not be allowed to take off. Similarly, if you are gathering user data and try to make a profit out of it, your business model could be illegal – and consequently worthless.
So take time to check what you need to do before you gather individuals’ data, and for what purposes you can use it. Do not worry, a huge majority of businesses have learned how to do it right if they put some effort in it.
2. Regulators and penalties are getting harsher. In Europe, businesses not complying with data protection regulation may be susceptible to fines of 2-5% of their annual turnover under the rules of coming EU Regulation. This is not to say that you can wait for the new EU Regulation to become law because data protection legislation is already there – the UK Data Protection Act 1998. If you don’t get your data collection right under the current legislation, you might find it difficult to adapt your business model later on. This is so because a legal ground for data processing must already exist at the point of data gathering.
3. Think data minimisation. Yes this might be difficult to achieve in the age of Big Data. But it might help you comply with data protection laws because you might need to demonstrate both necessity and proportionality of your data processing operations. And remember – Big Data is not necessarily ‘smart data’ so it might be worth considering what personal data you really need.
Article written by Dr. Bostjan Makarovic is the founder of Aphaia, a regulation and CSR consultancy, and an IAPP-certified privacy professional.
Need A Bespoke User Privacy And Data Protection Policy For Your Tech Startup?
Then we’ve got you covered! Click the image below and place your order for a bespoke user privacy and data protection policy that protects you and your customers legally.