After the European Union passed the GDPR or General Data Protection Regulation, investor pitches have started to come to a halt with the reality that monetizing people’s data on your platform is no longer a business model.
As a contributor to Austin-based MediaTech Ventures, Scott Poniewaz, the Founder of The Pony Group, outlined the major areas that startups should focus on when preparing for GDPR and ensuring they are in compliance. Additionally, it factors in those that are US-based, but still are doing business in the EU. A few key ideas from the article are:
Will the GDPR affect your startup?
If the answer is yes to any of these questions, then GDPR will affect you:
- Do you presently work with any organizations based in the European Union?
- Do you have customers located within one of the 28 EU member states on whom you keep and handle data for marketing purposes?
- Do you have people on your email marketing lists that are EU citizens or you don’t know if they are EU citizens?
Who Will GDPR Affect?
If you’re a startup or simply have a website based in the U.S., it’s useful to familiarize yourself with GDPR for a variety of reasons. Some contradictory information exists on the internet stating that if you’re a startup or small business employing fewer than 250 people, you are not bound. This is not true. Your requirements do vary based on size, but not to the extent that it doesn’t apply to startups. The only difference is the level of detail required.
What If I Don’t Comply With GDPR?
To ensure compliance, the European Union has put in place certain standards and penalties for organizations that fail to comply. You may face a fine of up to up to €20,000,000 working out at around $24,450,000 US or a maximum of 4% of your organization’s global turnover (before any taxes you pay are deducted) for the last financial year – depending on which is greater for top-tier violations.
That is the maximum.
Summarizing GDPR Compliance
There are so many resources out there and The Pony Group put this GDPR guide together and shared it with the greater MediaTech Ventures and startup community, so everyone could at least find some basic information that will help them navigate this new era of data compliance and regulation. Ultimately, each case is unique and therefore each business should consult with a lawyer to understand how GDPR may impact their business.