GDPR primer for startups and self-starters
by Startacus Admin
Chi-chi Ekweozor is the founder and lead developer at social Q&A startup Assenty. Here she aims to clarify some of the facts around the EU General Data Protection Regulation & how it impacts you as a founder of a startup.
"Perhaps you’re getting a little tired of hearing about GDPR. What is it? And why should you care? This article aims to clarify some of the facts around the EU General Data Protection Regulation and how it impacts you as a self-starter or founder of a startup.
We look at how the new regulation, which the proposed Data Protection Bill brings into domestic law, affects your privacy policy, if you have one, how you handle getting consent from customers to handle personal data, and what has changed in terms of what customers can do with their personal data.
General Data Protection Regulation (Regulation (EU) 2016/679), or the GDPR as it is commonly known, is a new piece of legislation around data protection that is currently in place but becomes enforceable after 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
After this date, companies can be faced with hefty fines if they are compliant with the current Data Protection Act 1998 (DPA), which the GDPR replaces, but are not compliant with the GDPR.
The fines can be up to £17 million or 4 per cent of the annual worldwide turnover of the preceding financial year.
Contrast this with the £80,000 which the Information Commissioner’s Office (ICO) recently fined price comparison website Moneysupermarket.com Ltd for sending millions of emails to customers who had opted out of receiving email marketing. Currently, the maximum fine companies can receive is £500,000.
So, there are harsh penalties for ignoring the GDPR, but what does it involve?
Well, the new legislation supersedes the DPA in a number of key ways. It is designed "to give control back to citizens and residents over their personal data”. This means that organisations that hold or collect data on EU citizens now have certain obligations.
According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be 
anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."
anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."There are several new ‘rights’ now afforded to citizens with regards to data protection and data privacy. These include the right to be informed, the right of access, the right to rectification, the right to erasure aka the right to be forgotten, the right to restrict processing, the right to data portability, the right to object and rights in relation to automated decision making and profiling.
As founder and lead developer at Assenty, a social Q&A startup based in Manchester, I’ve made the decision to focus on getting GDPR right now, rather than leave it till later, to avoid disruption. Maybe I’m being more cautious as a female but I’d rather deal with it now than have the headache of retrofitting Assenty’s platform with significantly new capabilities come 26 May 2018.
So, how does it affect us specifically? And how could it affect you?
Well, firstly, in light of the GDPR, we need to consider consent, how our users agree to our use of their personal data and provide a simple way to give, and, withdraw consent. Individuals must be given granular and ongoing control over their consent under the new legislation.
Assenty is a social question board service that solves the problem of answering questions from an audience. To use our services, users sign up on our site or login in via Twitter to provide name and email information. Handling consent in compliance with the GDPR is a significant new undertaking as the rules are specific - consent now has to be given explicitly, so good bye to “tick this box to opt out of receiving marketing material”, for example.
Secondly, we need to consider our privacy notice to users. The GDPR requires that a privacy notice stating the legal basis for using personal data is provided. Thankfully, this is fairly straightforward for us and the first thing we did after investigating the impact of the new legislation was update our Privacy Policy to bring it in line with the GDPR.
Thirdly, we also have to be mindful of what the new rights provided by the GDPR mean for our users.
Of special interest is the “right to be forgotten” which means the onus is now on us to provide an easy means for our users to access and delete their data.
It is important to be aware that non-compliance of the GDPR opens up an organisation to class action lawsuits - a company could be sued for handling personal data in breach of the regulation. This goes hand in hand with the new ‘right to object’ afforded to citizens.
These three examples show just how much consideration has to be given to GDPR on the Assenty platform, and we have not yet touched on the other rights, particularly the right to data portability, giving users an easy way to export their data out of the platform.
Does GDPR affect you more than you’d care to admit? Perhaps you’re asking yourself what to do first? 
A data audit or data map is a recommended approach - think through what you are doing with customer or user data and decide how to handle the transition to the GDPR.
The ICO website is a good place to start but I also recommend you hire a professional. If you run a tech startup, you have options in terms of what features to add to your platform to ensure compliance. If you don't, it’s certainly wise to audit your existing data ‘processors’ for compliance. This could be as simple as checking whether your email marketing tool of choice provides easy ways for recipients to withdraw consent.
We’ll be sharing our journey on achieving GDPR compliance at Assenty. In the next instalment I’ll cover the specifics of acquiring and managing user consent in light of the new rules."
Chi-chi Ekweozor is the founder and lead developer at social Q&A startup Assenty. She is probably erring on the side of caution as far as GDPR is concerned.
Our Latest Features
The startup that is on a mission to helps writers improve their productivity...
Blitzz join Locpin and ThriveMap who have already received investment as part of this year’s Drive with Belron accelerator programme.
Here are some of the key reasons why building a remote team could help your startup...
If you’re uncertain or need a few extra tips on the best way to hire new employees, here are a few points that will help you out.
GreenJinn has just launched its crowdfunding campaign on Crowdcube. They’re raising £600,000 to add new brands, shops & take their technology to the next level.
Talent take note. At Jobbio HIGHER, you'll be able to network & connect with some of the UK’s best tech companies & high-growth startups...
EmptyChair are building an online marketplace, but not for rooms, cars or beauty treatments, but instead to change the way people discover, book and host workshops & classes in London.
Applications are open for the Arsenal Innovation Lab, a fab looking 10-week programme for startups to test & demonstrate their products or services with one of the leading clubs in world football.
OfferMoments, the Minority Report style billboard creators, aim to disrupt the growing £1billion OOH advertising market, after a £1.5m cash injection to fund a brand new project.
The rate of inflation in the UK in August hit a 4 year high at 2.9% after being in decline for the previous 2 months. What impact might this have on UK business?
Published on: 10th August 2017
If you would like to enable commenting via your Startacus account, please enable Disqus functionality in your Account Settings.
- Belron announce £50k investment in video engagement platform providers, Blitzz 18th Sep 2017 Blitzz join Locpin and ThriveMap who have already received investment as part of this year’s Drive with Belron accelerator programme.
- Arsenal Innovation Lab scouts top startups for new ten-week programme 14th Sep 2017 Applications are open for the Arsenal Innovation Lab, a fab looking 10-week programme for startups to test & demonstrate their products or services with one of the leading clubs in world football.
- Minority Report style billboard Startup raises £1.5m for new under wraps innovation 13th Sep 2017 OfferMoments, the Minority Report style billboard creators, aim to disrupt the growing £1billion OOH advertising market, after a £1.5m cash injection to fund a brand new project.
- As UK inflation rises to 2.9% in August, what impact might this have on UK business? 13th Sep 2017 The rate of inflation in the UK in August hit a 4 year high at 2.9% after being in decline for the previous 2 months. What impact might this have on UK business?
