After TheCube in October, we continued our data protection for startups talks at Bethnal Green Ventures accelerator at London Somerset House.
The notion that data privacy regulation is something that only large and mature businesses should worry about is still all too common. That is why it was a pleasure to learn from Anna and Vicky that their accelerator was aware of the existence of risks posed by processing people’s personal information by companies, no matter how small or new these companies are.
This made our workshop both inspiring and interesting. In a two way experience exchange, we were able to apply UK and European data protection principles to Bethnal Green Ventures startups’ whose apps range from better nutrition awareness and dental care to online wills creation. We analysed the key concepts of the current laws as well as those of the coming EU General Data Protection Regulation:
- what constitutes personal information?
- is a company a data controller or a data processor?
- how do I register with the Information Commissioner’s Office?
- do I always need people’s consent to process their data?
- what happens if I anonymise or pseudonymise the data?
- what to include in a company privacy policy of a tech startup?
- can I export my data to the US?
The latter issue has been addressed in the context of the recent EU Court ruling on the US-EU Safe Harbour agreement that introduces a great deal of uncertainty into the EU-US cross border data flows. Whilst any European business, including a small startup, is free to move customer data from one EU country to another, the same no longer applies in case of transfers of Europeans’ data to the US.
If you are interested in finding our more about the relevant aspects of data protection for startups, write us to info@aphaia.co.uk On Aphaia blog, you will also soon be able to find our podcast on the new EU General Data Protection Regulation.