GDPR and the lean start-up, expert has some advice

There is some good news for start-ups worrying about how GDPR may affect them, or so a leading expert on data privacy told us.

For the start-up, it can feel like a quagmire. If it is applying the ideas of the lean start-up, meaning ‘develop a simplified version of your product rapidly and test it, then tweak and advance, based on what you have learned, before testing it again’, then attempting to be GDPR compliant can pose a large fixed cost.

And there is no doubt that the General Data Protection Regulation, coming into force later this month is not easy to understand.

Some warn that it poses a threat to efforts to create a more entrepreneurial Britain, ceding the advantage to established firms that can afford lawyers and in-house data protection officers.

But, Elizabeth Denham, the (UK’s Information Commissioner) has said that one of her big focuses is supporting small businesses, or so Nicola McKilligan-Regan, an expert on data protection and privacy, told us.

“I would say to a small business, talk to the regulator, either on a no-name basis or get written advice,” she said.

Nicola is the author of the Pocket Guide to the Data Protection Act, and the forthcoming GDPR and DPA 2018 edition of that book, as well as Senior Partner at the Privacy Partnership, and the founder and CEO of Smart Privacy.

She said: “The ICO (The data protection and privacy regulator in the UK) has specialist teams in different sectors.  And going to the ICO is cheaper than going to a lawyer.

“My advice to a lean-startup talking to the ICO, is to provide it with as much information as possible. If you get written advice keep it, if you get advice from an ICO help-line, take accurate notes, the name of the person you spoke to and the date and time of the call.

“But you need to know enough about GDPR to recognise you have a problem.”

The GDPR Summit London is a dedicated event aimed to help businesses of all sizes on their journey to GDPR compliance. For more information on the event, visit the website.


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/