Alongside fake news, GDPR will go down as the word for 2018. Working with our SME clients, LegalEdge’s message was: there’s no need to overcomplicate it. Instead, be proactive about how you manage your data.
At the beginning of the year, we teamed up with Connect Ventures to create a bespoke workshop around the practical elements of GDPR and what that actually meant in practice to a tech SME. Keji Mustapha, Head of Founder Network at CV shares the key take-outs she’s seen across their portfolio community, now nearly six months into their GDPR journey.
Getting everyone on board
Getting everyone on board was the biggest challenge for many of our businesses. A lot of teams still don’t really get the rules and what the immediate steps they need to take are to be GDPR compliant. These companies have taken the view that this is something to be done later; they simply don’t see it as as much of a priority as other areas of the business such as acquiring new customers or serving the needs of existing ones.
More meaningful customer engagement
Our founder base learnt that the GDPR rules won’t actually have that adverse an impact on the way their companies work. In fact, it means they’re engaging with people who actually want to be customers or users of their product. So, they’re not wasting time chasing up leads that would invariably result in dead ends.
Keeping it simple
For those teams that prioritised implementing GDPR, they actually found the experience easier than they thought, once they dedicated the requisite time into setting up the processes properly.
Shifting company culture
A lot of our portfolio companies have used this as an opportunity to embed better data security into their company culture. Many businesses – us included – are now operating a clear desk policy to prevent any important data being left in the open.
CharlieHR is an example of a business that went into GDPR with a positive mindset. Here’s their experience:
“We’ve always taken the integrity of our customers’ information very seriously and so by the time GDPR rolled around a lot of the policy process was already in place for us. If we all take data and information security a little bit more seriously because of GDPR, then that’s a positive for all of us.”
“The biggest learnings so far is that we’ve taken into account what’s appropriate for us as an organisation. Trying to implement GDPR to the same effect as Google or Facebook is just not going to happen, so we’ve done what makes sense for our size, stage and the risk associated with the data we hold.”