

Data protection and privacy: 4 tips to help start-ups comply with the law




Privacy and data protection problems are not the preserve of large groups. Start-ups, even in their early stages, are monitored by privacy regulators.

Here are 4 tips to help your start-up avoid serious problems when it comes to respecting the confidentiality and protection of your users’ data.

What is the legislation for data protection and privacy?

Many companies collect data from their users online. Whether through cookies or forms, internet users sometimes leave a lot of their privacy on the web.

According to the CNIL, personal data is “any information relating to an identified or identifiable natural person”.

The collection of private data is governed by the General Data Protection Regulation (GDPR), a European regulation that entered into force on May 25, 2018.

Any entity, private or public, that collects or processes data is affected by the GDPR.

Tip # 1: Explain your data collection policy

On this point, state clearly what you are doing. Your start-up must have a privacy policy if your app or website collects, uses or discloses information that could be used to identify a person or device.

Your users need to know exactly what you are collecting, what you do with the collected data, and with whom you are likely to share it. So let users know about your privacy policy and the steps you take to protect their privacy.

Of course, it is not enough to display and say what you do; you must also do what you promise. Honor your commitments and actually implement your privacy policy.

Ensure you have full consent before collecting any data. That consent must be free, informed, specific and unambiguous.

Tip # 2: Secure the data your start-up collects

If you need to collect personal information and data about your users, it is essential to protect that data. A first tip for avoiding a leak of the private data you collect is to use a VPN. By using this virtual private network, you secure your start-up’s network and prevent malicious people from intruding on it and using the collected data against you.

Tip # 3: Only collect the data you need

Collecting more data than you need can be tempting, on the assumption that it will be useful in the future. However, this can get you into trouble.

It is advisable to think in advance about the types of data your start-up needs to collect, based on how you plan to use the data and how relevant it is. For example, certain features may be more practical for the user without being vital to the optimal functioning of your start-up. In this case, do not collect the data systematically; instead, let the user choose whether or not to activate the feature. A typical example is geolocation. It can be useful to the user visiting your start-up’s website, but you don’t need to know where the user is located.

Tip # 4: Plan for data portability

Users should be able to recover all or part of their data if they wish. Your start-up must inform its customers of this right and tell them how to proceed.

Also plan what you’ll do if you find yourself having to outsource the management of your users’ data to a third party.

While it is often very tempting for start-ups to think that user privacy is only the responsibility of large companies, it is important to comply with the law. Non-compliance with the GDPR carries sanctions ranging from a simple call to a fine of up to $18 million, not to mention the poor reputation your start-up would earn.

I'm a passionate full-time blogger. I love writing about startups, how they can access key resources, avoid legal mistakes, respond to questions from angel investors as well as the reality check for startups. Continue reading my articles for more insight.
