GDPR Considerations for New Start-Ups

Apr 3, 2019

The General Data Protection Regulations (GDPR) are pervasive, and do not only affect larger companies; your new start-up must equally maintain strict adherence to its provisions. We have provided a quick run through of the key concerns you should consider with regards to the GDPR.

Why consideration of the GDPR is paramount for a start-up
Non-compliance with the provisions of the GDPR can result in high penalties and sanctions being applied to your start-up. Depending upon the offence, you risk a fine totalling the higher of €20 million or 4% of total worldwide annual turnover.

Additionally, if you plan to sell the business, the price may be impacted if prospective purchasers discover non-compliance as they will then be in risk the fines mentioned above.

Key personal data considerations

i) What information your start-up will hold and what you’re going to do with it 

The crucial and preliminary personal data consideration will be a fact finding mission; namely an assessment of what kind of information your start-up will collect, receive and hold and then what you will do with it.

This will help you build the policies and procedures required by the GDPR.

ii) Third parties

There are two main categories of data handlers under the GDPR; (a) controllers; and (b) processors. In short, a controller makes decisions as to what to do with the personal data gained (i.e. your start-up), whereas a processor merely acts on behalf of the controller in ‘processing’ the data (for example a cloud software provider).

Both controllers and processors have obligations under the GDPR, but Controllers are subject to greater regulation and a higher burden of compliance.

iii) Marketing

 Promoting your start up is crucial to organic growth, but marketing methods can be pitfalls for breaching GDPR. The primary example is that if sending marketing emails to consumers, you will generally require their consent which has its own standard under GDPR.

Next steps
No matter at what stage the start-up is, the above considerations are vital, and legal advice on GDPR compliance is strongly advised. Our Corporate and Commercial department can offer jargon free advice to assist you in navigating the complexities of GDPR; please do not hesitate to contact us if you have any further questions on this brief overview.

This reflects the law at the date of publication and is written as a general guide. It does not contain definitive legal advice, which should be sought as appropriate in relation to a particular matter.

By Matthew Lea

Solicitor, Corporate and Commercial
> View profile

Related expertise

> Start-ups

 

Categories

Sign up

Enter your email address for legal updates on Corporate and Commercial law.

Please see our privacy policy regarding use of your data.


+44 (0)1276 686 222

Email: info@herrington-carmichael.com

Farnborough
Brennan House, Farnborough Aerospace Centre Business Park, Farnborough, GU14 6XR

Reading (Appointment only)
The Abbey, Abbey Gardens, Abbey Street, Reading RG1 3BA

Ascot (Appointment only)
102, Berkshire House, 39-51 High Street, Ascot, Berkshire SL5 7HY

London (Appointment only)
60 St Martins Lane, Covent Garden, London WC2N 4JS

Privacy Policy   |   Legal Notices, T&Cs, Complaints Resolution   |   Cookies  |   Client Feedback   |  Diversity Data

 

 

Our Services

Corporate Lawyers
Commercial Lawyers
Commercial Property Lawyers
Conveyancing Solicitors
Dispute Resolution Lawyers
Divorce & Family Lawyers
Employment Lawyers
Immigration Law Services
Private Wealth & Inheritance Lawyers
Startups & New Business Lawyers

Pay Online >

Please be aware that we have no plans to change our bank details. If you receive any indication that any of our bank details have changed please contact us before sending us any funds. We take no responsibility for monies you transfer into the wrong bank account.

© 2024 Herrington Carmichael LLP. Registered in England and Wales company number OC322293.

Herrington Carmichael LLP is authorised and regulated by the Solicitors Regulation Authority with registration number 446245.