Only 1/3 of startups are GDPR-compliant, study finds

A study by global email provider Mailjet shows that although 91 percent of startups say they’re collecting personal data, nearly two-thirds aren’t compliant with the General Data Protection Regulation (GDPR), which goes into effect in May.

The report said that startups were “completely ill-prepared for GDPR, with many falling behind around consent and contingency planning.”

More than 4,000 companies around the world completed the survey, most in the UK and France. US companies comprised 7 percent of the total number.

Darine Fayed, head legal and data protection officer at Mailjet, told me via email that she was surprised how low data compliance was for startups.

“You don’t have to be a big company to have possession of personal data,” Fayed said. “A startup using marketing automation, sending a newsletter, or even offering click-to-chat is likely to have collected this. For this reason, it’s not surprising that 91 percent of startups report that they in fact do collect personal data.”

“What was surprising though, is the lack of understanding startups seem to have about the responsibility and best practices that come with holding such information. Startup respondents overwhelmingly failed in the areas of asking for consent (47 percent), encrypting data (29 percent), as well as having a data breach notification plan (34 percent). The good news is that startups are agile, and their infrastructures are often in early stages. With the right education on what needs to be done, startups can move far quicker than larger companies toward becoming GDPR-compliant, which is good news with the May 25 deadline just around the corner,” Fayed said.

For more information about GDPR, see our guide for marketers to understand more about whether your company will be impacted and how to prepare for compliance.

About The Author

Robin Kurzer

Robin Kurzer started her career as a daily newspaper reporter in Milford, Connecticut. She then made her mark on the advertising and marketing world in Chicago at agencies such as Tribal DDB and Razorfish, creating award-winning work for many major brands. For the past seven years, she’s worked as a freelance writer and communications professional across a variety of business sectors.

Popular Stories

The United States finally starts to talk about data privacy legislation

Autopilot debuts real-time collaborative customer journey map

FTC PrivacyCon: Your email address is leaking and vulnerable

A new era of personalization: The hyperconnected customer experience

Related Topics

Channel: Martech: Analytics & DataGeneral Data Protection Regulation (GDPR)