Setting up a business is hard work: you have limited resources, plenty to prioritise and many plates to keep spinning. Here are our top tips for staying above water from a GDPR perspective.
Build your foundations
The thing is, if you don't have solid foundations you are likely to be faced with the following problems:
(a) your "house" will fall down (i.e. your data and data use will be worthless at best and a liability at worst);
(b) no one will want to buy it; and/or
(c) no one will invest in it.
GDPR compliance is not a nice-to-have; it's a pillar of the foundations on which you build your business.
It breaks my heart every time I see a team who have spent time, money and effort building their dream business find they are getting short-changed when trying to sell it or not getting the investment they need because their compliance is not good enough (or non-existent).
Do try to see the investor's/buyer's point of view: would you buy a car that was built with parts of unknown origin and/or that has never been inspected by a mechanic? No, or at least you won't pay top dollar for it - it doesn't matter how flashy it is.
Getting it right
Make sure that data is your ally, not a hindrance. By doing things properly you will be able to do more and get a good return on investment.
Remember to get the basics right:
1. What: Have a clear picture of what data you collect and document it internally. Make sure you hold strictly what you need and that you know where it is coming from.
2. How: Understand how everyone in the processing chain processes data. Make sure data is kept safe at all times. Train your team to process data properly.
3. Who: Know who will have access to the data and on what terms. Make sure your contracts with third parties are solid and that anyone you allow to access your data has good privacy compliance. Do not assume it will be OK; always ask for evidence of compliance - if things go wrong, a warranty won't solve the financial and reputational issues you'll encounter, and those may make or break your business.
4. Why: Understand what you need and why it is legally OK for you to have it.
5. Put users first: Explain to users what you're doing and why, uphold their rights.
Keep on believing, keep on dreaming, keep building your dream business and make sure your dream is built on foundations that will make it a success.