
GDPR Compliance

Data protection and cyber security are a vital part of ESG compliance. Data is extremely valuable to every business and therefore must be handled and protected properly. The European GDPR (General Data Protection Regulation), which governs the processing of personal data, is a regulation and therefore applies directly in every EU member state; DSGVO (Datenschutz-Grundverordnung) is simply its German name. Member states supplement it with national data protection laws, for example the Bundesdatenschutzgesetz (BDSG) in Germany.

1.1. GDPR Compliance

What is the GDPR and what scope does it have?

For an overview of the GDPR, its scope, and general guidance refer to

How to handle GDPR compliance?

Depending on the size of your company, your industry, and the kind of data you process, there are three different approaches founders can take to handle GDPR compliance:

‣
In-house
‣
Software
‣
Agency

Generally, startups can follow available checklists to determine their data protection needs. The to-dos can be divided into four sections:

‣
Lawful basis and transparency
‣
Data security
‣
Accountability and governance
‣
Privacy rights

The official checklist is available here:

Another checklist can be found here:

Best practices for early adoption

  • Appoint a data protection officer (mandatory in the cases listed in Art. 37 GDPR, advisable as a single point of accountability otherwise)
  • Classify all data, and record what personal data you hold, where it is stored, and why you process it
  • Implement an Application Tracking System (ATS) as soon as possible
  • Train employees in GDPR
  • Document, maintain and enforce privacy policies, procedures and processes
  • Complete a privacy impact assessment (a data protection impact assessment, DPIA, in GDPR terms)
  • Test data breach response procedures, including the 72-hour notification deadline to the supervisory authority under Art. 33 GDPR