Skip to main content

Many start-ups not prepared for GDPR

(Image credit: Image source: Shutterstock/Wright Studio)

Start-ups around the world appear to be unprepared for the upcoming General Data Protection Regulation (GDPR), new research suggests. 

According to Mailjet, many start-ups are falling behind when it comes to consent and contingency planning.

The report, based on a study of 4,000 start-ups says 91 per cent admitted to gathering data from their customers. Almost two thirds are not compliant with GDPR. The average score for GDPR readiness was 4.1 out of 10. Banks are scoring highest (4.4), and construction / real-estate are scoring lowest (3.2).

Less than a third (29 per cent) encrypt the data they gather. A third (34 per cent) said they have set up notifications in case of a data breach. The report also says that less than half of start-ups analysed (47 per cent) actually ask for permission before trying to contact them.

Half (50 per cent) make it easy for customers who turn them down or withdraw their consent at any time.

Mailjet says that once GDPR kicks in, these types of practices will basically become illegal.

General Data Protection Regulation, or GDPR, will come into force on May 25, 2018. It aims to regulate how global businesses gather, store and share data on their EU customers. Among other things, it will also regulate how businesses should behave in case of a data breach. For example, they are obliged to notify their users of a data breach within three day.

If they fail to comply, they risk extremely high penalties.

Image source: Shutterstock/Wright Studio