News and events

Data Protection a Hot Topic – Embrace it and Watch Out for Burns!


Data protection is a hot topic at the moment, especially in the EU with the General Data Protection Regulation (GDPR) around the corner. It is true that the new rules for companies to follow are many, some are more complicated and perhaps costlier to implement than others, but especially for startups there are also great opportunities within the GDPR. Many larger and older companies are used to doing things a certain way and may have to rewrite internal rules and policies, retrain personnel and perhaps acquire new software to be able to cope with the new requirements. A startup, on the other hand, that is just setting up their business can plan according to the changes from the get-go. Moreover, the point of the GDPR is not only to increase the rights of natural persons, but also to create a more streamlined legislation across Europe, which will help companies to stay compliant.

It is most definitely advisable that startups familiarize themselves with the new legislation and learn about their customers’ rights early on, such as the right to be forgotten and the portability right, since non-compliance may lead to hefty fines and a damaged reputation.

Data Protection by Design and by Default

With the GDPR comes a requirement called data protection by design and by default. “By design” refers to the fact that companies must use measures and processes that are designed to implement data protection principles into their personal data processing activities. In other words, if you are planning a new product or service or maybe thinking about buying some new software for your company that will come in touch with personal data, make sure they are GDPR compliant. Data protection cannot (any more) be seen as an additional layer of rules to be taken into account in retrospect, but should be part of the initial planning phase. “By default,” on the other hand means, in short, that companies must ensure that only data that is absolutely necessary for each specific processing purpose is processed by default.

By embracing these principles from the beginning, you can save your startup a great deal of time and money.

Use Data Protection to Get Clients

The GDPR requires companies to show that they are compliant with the GDPR. Aside from the fact that it is indeed a requirement under law, compliance with the new obligations can also be used as a marketing strategy. Today, data protection is on everybody’s lips and data breaches are plastered over the front pages with big headlines. Use the growing public awareness and concern for the importance of personal data protection to your advantage and make it clear that your business is compliant, your customers’ data secured, and your way of handling personal data transparent.

Tick the Box!

If your startup has a mobile app or some other service that may need users’ explicit consent, remember that the “old” way of asking for consent by simply stating that “by downloading this service you consent to this, that, and the other” is no longer valid. After the GDPR, an explicit tick-the-box or similar system will be required.

For further information, please contact:
Anna Liinamaa

More news

Back to News and Events »