
Can the New Data Privacy Rules be Good for Your Startup?

Lately, most of us have received emails alerting us to data privacy modifications. Whether you’re part of a large corporation or own a small business, the changes in privacy rules stand to impact your professional world as well. Knowing the ins and outs of data privacy is important for most startups and is especially relevant for those who leverage data-driven marketing. Let’s take a look at the new requirements as well as how you might be able to leverage them to your advantage.

The General Data Protection Regulation (GDPR) took effect at the end of May 2018.

Any company that collects or analyzes data related to people in the EU must meet GDPR standards. Moreover, Data Protection Authorities can impose fines up to four percent of the offending company's global turnover.[1]

If you do not have data policies in place, you may be wondering how to start. To comply with GDPR, it is advisable to perform data mapping. This includes locating where the data is stored, which third-party systems house it, and where the servers are located. A key question to ask in this process is whether each piece of data you are collecting is necessary. If you have a large company, you may want to consider a software solution for this process.


“A good corporate privacy policy can shield firms from the financial harm posed by a data breach — by offering customers transparency and control over their personal information.[2]”

-Harvard Business Review


Using data-driven marketing while retaining compliance

On the one hand, your customers likely want tailored content, but on the other hand, they want to preserve the privacy of their data. How can your startup walk this fine line? IT safeguards are just one piece of the puzzle. Showing your company’s awareness of GDPR and intent to implement it may not guarantee leniency in case of a transgression, but it tends to tilt the scale more favorably.[3]

Your business can and should personalize the customer experience with relevant content while employing a rigorous “consent” process with individual users. A good policy is to inspire confidence in your customers by being transparent about what part of their data is captured (IP address, search history, etc.) as well as how this data is going to be used. Additionally, empowering your customers to take control of their data with robust opt-in options is advised.

Positive opt-in

Thinking carefully about what data you want to collect in opt-in forms can actually create positive engagement with your customers. First, by reducing the number of mandatory fields that need to be filled in, you make it easier for your customers to opt in, thus increasing the chances of gaining a lead. Second, through this process you are demonstrating sensitivity to your visitor’s information and giving him or her a reason to think positively about your company. In this way, you can leverage how you handle data privacy to build deeper trust and loyalty with your new and existing customers.

Last tip

If you are using American companies like Mailchimp to send communications to your EU customers, get your agreement with them in writing, find out where the data is stored, and make sure they are taking GDPR-approved safeguard measures. Otherwise, you may need to switch providers.

More on this subject:

GDPR Compliance for Small Businesses - A 28 Step Checklist/3B DIGITAL LTD

Research: A Strong Privacy Policy Can Save Your Company Millions/Harvard Business Review

[1] Data Security: The General Data Protection Regulation (GDPR)/Tech:nyc

[2] Research: A Strong Privacy Policy Can Save Your Company Millions?/Harvard Business Review

[3] What is GDPR? The summary guide to GDPR compliance in the UK/Wired