There is some good news for start-ups worrying about how GDPR may affect them, or so a leading expert on data privacy told us.
For the start-up, it can feel like a quagmire. If it is applying the ideas of the lean start-up, meaning ‘develop a simplified version of your product rapidly and test it, then tweak and advance, based on what you have learned, before testing it again’, then attempting to be GDPR compliant can pose a large fixed cost.
And there is no doubt that the General Data Protection Regulation, coming into force later this month is not easy to understand.
Some warn that it poses a threat to efforts to create a more entrepreneurial Britain, ceding the advantage to established firms that can afford lawyers and in-house data protection officers.
But, Elizabeth Denham, the (UK’s Information Commissioner) has said that one of her big focuses is supporting small businesses, or so Nicola McKilligan-Regan, an expert on data protection and privacy, told us.
“I would say to a small business, talk to the regulator, either on a no-name basis or get written advice,” she said.
Nicola is the author of the Pocket Guide to the Data Protection Act, and the forthcoming GDPR and DPA 2018 edition of that book, as well as Senior Partner at the Privacy Partnership, and the founder and CEO of Smart Privacy.
She said: “The ICO (The data protection and privacy regulator in the UK) has specialist teams in different sectors. And going to the ICO is cheaper than going to a lawyer.
“My advice to a lean-startup talking to the ICO, is to provide it with as much information as possible. If you get written advice keep it, if you get advice from an ICO help-line, take accurate notes, the name of the person you spoke to and the date and time of the call.
“But you need to know enough about GDPR to recognise you have a problem.”
GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at http://www.gdprsummit.london/