Supporting many brilliant Start-ups that are ready to launch their new services, we also noticed that there are similar misconceptions on privacy and data.
We thought it will be useful to share this with you, hoping it will be useful to avoid the most common mistakes.
1) “It is all anonymized”
If you think that your Startup does not deal with personal data, it probably does.
Personal data is not simply an email address, and there is no such thing as anonymization if a data scientist can retrace back the original information in due time.
2) “Business first, privacy afterwards”
Many Startups think they can pass unnoticed to privacy regulators in their early stages. Beware: just because you run a small business does not mean you cannot cause big damage. Often it is the procedure that you put in place- and not the amount of data you are dealing with- that triggers the infringement of data protection rules.
Regulators do have their eyes wide open, but you should know that the first ones to object to a breach are your own customers. Apart from fines, loosing clients’ trust is ultimately one of the biggest damage you can do to your business.
Moreover, a successful Start-up may receive an offer from a larger company. A contract of this type will require the Startup to be compliant with current regulations: adapting a business model that is built on inadequate privacy standards will prove to be hard. Sometimes the business plan is so engrained in a unlawful data management that its structure cannot be adjusted: and that is why to get advice from a privacy professional before hand is a very smart idea. Don’t have the money? Read below.
3) “We don’t have the money”
For example, Aphaia starts with a special rate for Startups at 50 pounds an hour, that will allow a new born company to assess its privacy needs. Basically, a compass to put a business on the right direction.
However, a small difference in a business model can translate in a very big difference in legal terms.
5) “Let’s collect all the data we can, it will be useful”
In legal terms, there is a balance to be struck between privacy and business interests. Collecting every personal information you may gather is not necessarily a smart move: you may be asked to justify why you did so.
6) “All data published on social media are the same”
No, they are not! It is important to draw a distinction and to master it: it will allow you to avoid “sensitive” data and to collect more data that you think on other realms.
7) “I use a cloud provider, I am not responsible”
Your choice of a cloud provider, as well as the level of safety you can offer in sorting data, can be crucial for compliance.
8) “I don’t understand privacy regulation, my lawyer does”
Although privacy may seem- we agree – a painful headache for no-experts, the key concepts are easy to grasp, and a good consultant will first and foremost empower you.
He/She will give you the tools to understand when a new move could entail a privacy risk- basically, you’ll be able to ask yourself the right privacy questions.
9) “I am outsourcing services to third parties, so I am not responsible”
Many Startups think that outsourcing some services means also transferring the responsibility of treating their data lawfully. This is not the case. The company who first collects the data remains responsible for the data.
If at all, other companies involved in the data process may gain responsibilities too: but it does not mean that your Startup is not liable in case of inadequate use.
10) “Privacy is just a cost”
We call this approach ‘smart compliance’: be in compliance allows you to extend your business model even further.