"By protecting data privacy, we're not only doing what's right for our customers, but we're also building trust and strengthening the relationships that drive our business forward.” Satya Nadella, CEO of Microsoft

Understanding data privacy and protection

Data privacy and protection is about how companies collect, manage, and use customer and employee data. It also is about cybersecurity and what the company’s action might be if a data breach occurs.

Read through these simple questions below:

• Will your company have users logging into your platform?
• Will your company use a database?
• Will your company leverage cloud-based resources like IaaS (Infrastructure as a Service)?
• Will your company have intellectual property (IP) to safeguard?
• Will your company process payment transactions?
• Will your company collect, store, manage, use, or process Personally Identifiable Information (PII) data?
• Will your company collect, store, manage, use, or process any regulated data (e.g., financial or health data)?
• Will your company have customers who operate in highly regulated industries (i.e., Critical Infrastructure, Insurance, etc.)?
• Will your company have operations in geographies with consumer protection laws or regulations (e.g., GDPR in the EU, or CCPA in the US)?

If you answered yes to any of the above, then data security, privacy, and compliance need to be considered early and often.

Priorities for an early-stage company

As a very early-stage company, you will have limited resources to implement best practices immediately. However, understanding your priority areas is key, and building them into your company roadmap will make life a lot easier and set a strong foundation from the very beginning.

1. Assess and understand your data

1. Take a data inventory: Even before a product goes to market you will be able to know what data you intend to collect, how you will be storing it, and managing it. This will help you understand the scope of the protection and areas of risk.
2. Classify your data: Identify whether your data is considered sensitive personal data and/or PII [see ‘Why does it matter?’ section for more details].