Connect with us

Hi, what are you looking for?

Editor’s Pick

Startup founders are busy, but they still need to prioritise privacy

Privacy is a human right. With all the reasons startups fail, ensure privacy isn’t one of them.

Nigel Jones, ex-Google lawyer and now co-founder of the Privacy Compliance Hub, says the early days of founding a growing startup are the perfect time to get your ducks in a row when it comes to privacy compliance

It’s easy to get caught up in the fast-paced world of building a startup. Most entrepreneurs start with the spark of an idea, or a problem they think they can solve. They hire engineers to build a product. They start attracting customers and/or clients and make plans for future growth, investment and features on the product roadmap. And they begin to collect data. But it’s rare that they’ve stopped for a second to think about privacy.

That’s a problem. Because privacy really matters.

And it’s down to businesses of all sizes and from all sectors to protect this fundamental human right.

Making a public commitment to privacy is good for business too. A whopping 92% of the British public say they feel uncomfortable about the number of businesses that collect data about them, and 41% say they’ll never return to a business after a breach. Investors are interested as to whether companies are complying with privacy laws, and place emphasis on this factor when doing due diligence. Falling foul of the UK General Data Protection Regulation (GDPR) can, after all, cause significant reputational damage and come with heavy penalties. The Information Commissioner’s Office (ICO) has the power to fine a company up to 4% of its worldwide turnover, or £17.5m (whichever is higher), for breaches of the UK GDPR. It has also recently gone public with its intention to name and shame companies moving forward.

With that in mind, here’s how startup leaders can prioritise privacy from day one.

Focus on your people

It’s easier to build an effective privacy culture when you’re overseeing a team of 50 rather than 500. And with 88% of data breaches down to human error, it makes sense to centre your privacy programme on the people within your organisation. Make sure there’s a comprehensive training strategy in place, with frequent refresher sessions. That’s particularly important with the shift to hybrid working, as phishing attacks are increasing in frequency and complexity. Once your team is big enough, appoint privacy champions in every department to keep compliance on the agenda. When employees understand privacy, they care about it and are willing to play their part in protecting it every day.

Consider your processes

The influx of Big Data has opened up endless opportunities for innovation in the startup world. But it does become problematic when it comes to privacy, not least because many businesses quickly become overrun by information. Start with an audit of what personal data the business collects, how it’s processed, where it is kept (and for how long), and what happens to it when it’s no longer needed. This exercise will help you streamline workflows to ensure that data is being processed in accordance with the law at every stage. You’ll also have the information you need to be transparent with customers about the data you’re collecting and why – a key requirement of the UK GDPR.

Be careful about sharing data externally

It’s a fact of modern day business that organisations increasingly share data with each other. But the UK GDPR requires you to only share personal information with companies that take privacy as seriously as you do. If one of your partners has a sloppy approach to compliance, which leads to a data breach that affects your customers, you risk a hefty fine and reputational damage. Ask the question whether it’s necessary for personal information to be shared externally at all. If it is, make sure your team is doing the necessary due diligence and that there’s an appropriate agreement in place before you start sharing data with another organisation. The buck always stops with you, even if a breach is solely down to your partner’s actions.

Get the executive team on board

Too often, privacy is seen as the responsibility of an IT or legal lead and not something that involves the entire organisation. Employees are more likely to follow your lead if you make it clear that this is something you and the rest of the leadership team cares about. Give privacy a seat at the top table by adding it to the agenda of board meetings, and appoint a key person to take ownership of driving progress forward. Someone needs to be able to look ahead and ask, what are the implications of what we’re building – in the short, medium and long term? It’s always better to build well in the first instance, rather than try to mend the dam after it’s sprung a leak. In fact, it’s a legal requirement under the UK GDPR.

Commit to developing a culture of continuous privacy compliance in the long term

Privacy isn’t a tick-box exercise that’s over before it’s begun. It’s an ongoing effort that will become part of your startup’s culture. Getting privacy right in the early days means customer data will be kept safe and treated with the respect it deserves as the business grows and adapts. That boosts innovation – when employees know exactly what they can and can’t do with data, they feel empowered to act. It builds your reputation as an ethical company, among customers and your future talent pool. And it puts you in the best place to expand into new markets or services, and scale faster than your competitors.

Keen to make sure you’re compliant? Take your free 10-minute GDPR health check here.

Cherry Martin

Cherry is Associate Editor of Business Matters with responsibility for planning and writing future features, interviews and more in-depth pieces for what is now the UK’s largest print and online source of current business news.

Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!


Editor’s Pick

<?xml encoding=”utf-8″ ??> Ava Whetstone-Magee, the founder of Avalanche Equestrian talks about the lightbulb moment which led her to start her business at the age...

Editor’s Pick

<?xml encoding=”utf-8″ ??> The exodus of workers from the jobs market over the pandemic has weakened prospects for Britain’s economic growth, the governor of...

Editor’s Pick

<?xml encoding=”utf-8″ ??> Will Polston, talks to Business Matters about how helping ambitious owners to maximise their potential has resulted in him becoming a finalist...


Elon Musk talks about his company’s Starlink project at the Mobile World Congress, Barcelona, Spain, June 30, 2021. — BRISA PALOMAR / PACIFIC PRESS/SIPA...


PHILSTAR FILE PHOTO The National Economic and Development Authority (NEDA) has approved seven “high-impact” projects, ranging from agriculture to transportation, the agency’s top official...


Television (TV) advertising is shifting toward addressable TV, a service that allows advertisers to show different ads to different audiences watching the same program,...

You May Also Like


COVID-19 has had a significant impact on the mental health of Filipinos across different groups all over the archipelago. From frontline workers, parents balancing...


REUTERS By Luz Wendy T. Noble, Reporter The country’s foreign exchange buffers slightly increased as of end-October as the value of the central bank’s...


BW FILE PHOTO GROSS BORROWINGS by the National Government reached P2.6 trillion as of end-September as it continued to raise funds to respond to...


KARASOLAR.COM TENA, Ecuador — Ecuador’s rainforest Achuar people say their ancestors long dreamed of a “fire canoe” or “electric fish” that would let them...

Disclaimer: Respect, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2022 Respect Investment. All Rights Reserved.