The GDPR has left many companies scrambling, unsure as to what can and cannot be done. Here are 18 tips every startup should take into consideration.
The EU General Data Protection Regulation (GDPR) has been in effect for two months. As of yet, there haven't been any major violations, which may explain why some companies have yet to take these regulations seriously. Data protection specialist and lawyer Kaspars Kalsnavs presents 18 tips for small startups that are worth remembering in order to follow the regulations and avoid unnecessary complications.
1. Try to avoid using your own servers; instead choose Google Mail, Google Docs, Google Drive and similar trustworthy solutions.
2. Make sure to use a work-specific Google account rather than your private account.
3. Use two-step authentication whenever possible.
4. Only use licensed computer programs with automatic updates.
5. Don't request sensitive information such as health conditions, race, ethnicity, sexual orientation, etc.
6. When requesting information from a client, only request information necessary for your services, such as name, last name, ID card number, address and phone number.
7. If possible, only use a stationary computer in your firm's office when dealing with client information.
8. If it is necessary to access client data remotely, make sure that your connection is secure. Always choose 4G or a VPN.
9. Try to prevent employee turnover - employ fewer people for a longer time.
10. Make sure to regularly train your employees in data protection.