“Privacy is not an option, and it shouldn’t be the price we accept for just getting on the internet.” Gary Kovacs, former CEO of Mozilla
Understanding data privacy and protection
Data privacy and protection is about how companies collect, manage, and use customer and employee data. It is also about cybersecurity and what the company will do if a data breach occurs.
Data privacy, security, and compliance can feel overwhelming, but they don’t have to be. Startups don’t need enterprise systems at inception, but they do need a plan. Here’s how to build a strong foundation with limited time and resources.
1. Assess and understand your data
- Take a data inventory: Even before a product goes to market, you can work out what data you intend to collect, how you will store it, and how you will manage it. This will help you understand the scope of protection needed and the areas of risk.
- Classify your data: Identify whether your data is considered sensitive personal data and/or PII [see ‘Why does it matter?’ section for more details].
- Limit your data collection in the early days if possible. This may mean you spend less on legal advice before you need to. This is worth considering if you plan to be in markets where there may be geopolitical sensitivities relating to data sharing.
- Ensure you are aware of the regulations that may affect the company and the data it collects.
<aside>
This document from the Open Data Institute is a great guide to identifying, assessing, and managing risks related to sharing data that companies hold.
</aside>
2. Put simple protections in place
Security is often about reducing obvious risk. Start with:
- Strong passwords + 2FA (two-factor authentication)
- Use secure cloud platforms with built-in encryption
- Limit access to sensitive data to only those who need it
- Back up data regularly and store it securely
- If you rely on third-party tools, check their security practices too
3. Build a culture of accountability
Your team is your first line of defense. Even if you’re just two people: