
That Light Bulb Moment: Start-ups and GDPR: what you need to know

Tight budgets and creative focus mean that start-ups sometimes bury their head in the sand when it comes to data privacy law. But the law applies to businesses of all sizes and nature: start-ups are not exempt.

The main source of data privacy law is the GDPR. This applies in both the EU and the UK – Brexit does not change this. Under the GDPR, protection of personal data is a fundamental right. Organisations need to treat personal data with the same importance they treat taxes and employee rights.

In short, your start-up must comply with the GDPR. So what do you need to know?

What is personal data?

In brief, any information from which a living person can be identified. This is a broad definition, and covers a lot of modern business-critical and valuable information, for example:

  • names, emails and phone numbers;
  • photos, video and audio;
  • social media accounts, profiles and activities;
  • user preferences and commercial habits;
  • IP addresses and device identifiers;
  • geolocation;
  • information collected by cookies; and
  • bank / payment card / account information.

Do you use it?

It’s such a broad definition that it’s impossible to do modern business without it. Personal data may also have specific marketable value to start-ups, especially when trying to build a customer base.


What does that mean for you?

You have to comply with rules set out in the GDPR and other data privacy law.

What are those rules?

Rule                      Comment
Lawful use                Having a GDPR-recognised justification to collect and use personal data.
Use limits                Using the minimum personal data needed to carry out your lawful uses.
Transparency              Telling people when, how and why you use their personal data.
Sensitive data            Putting in place additional safeguards to use more private information.
Individual rights         Complying when people exercise statutory choices.
Data security             Taking physical and IT security measures to protect data in your hands.
Security breaches         Knowing how to recognise, and react to, an incident.
Prior assessments         Conducting additional documentary compliance for some riskier uses.
Data sharing              Specific terms need to be agreed depending on the type of recipient.
International transfers   Transferring personal data outside the EEA requires additional action.
Marketing                 Email and phone marketing is not possible without prior consent.
Cookies                   You need website users’ consent and must give them precise information.
Governance                Appointing an individual / team with sufficient expertise and influence.

How do we comply with the rules?

Primarily through a combination of specific compliance documents, template contracts, organisational training and smart governance. It is important to acknowledge that you are bound under the GDPR to comply with these rules proactively.

What happens if we break the rules?

The consequences include:

  • fines (up to the higher of 4% annual worldwide turnover or €20m);
  • lengthy business / operational interruption;
  • individual/group court claims;
  • loss of consumer confidence in a young brand; and
  • avoidable legal expenditure.


What should we do?

The reality is that the GDPR and other data privacy law applies to your start-up. Take early and proactive steps to comply. European regulators look more favourably on organisations which have attempted compliance but got it wrong than on those which have not tried at all. This can be the difference between a written warning and a damaging fine.

Remember in particular: compliance with GDPR and the viability of business development in a post-GDPR world are two important points that prospective investors now check as standard.

How can Greenwoods GRM help?

We have designed a series of advice products which help organisations of all sizes, ages and levels of financial resource, such as:

  • a short and lay user-friendly “playbook” which explains the rules, identifies applicable compliance measures, explains when to use them and provides templates;
  • an outsourced in-house governance service (if nobody internal has the expertise or time resources required); and
  • a data privacy “health check” which assesses the level of your compliance and suggests remedial actions.

To talk through any of these issues get in touch with Priya Thapar on +44 (0)20 3691 2063 or email pthapar@greenwoodsgrm.co.uk
