Only 1/3 of startups are GDPR-compliant, study finds
A Mailjet study of 4,000 companies shows an average GDPR-readiness score of 4.1 out of 10.
A study by global email provider Mailjet shows that although 91 percent of startups say they’re collecting personal data, nearly two-thirds aren’t compliant with the General Data Protection Regulation (GDPR), which goes into effect in May.
The report said that startups were “completely ill-prepared for GDPR, with many falling behind around consent and contingency planning.”
More than 4,000 companies around the world completed the survey, most in the UK and France. US companies comprised 7 percent of the total number.
Darine Fayed, head legal and data protection officer at Mailjet, told me via email that she was surprised how low data compliance was for startups.
“You don’t have to be a big company to have possession of personal data,” Fayed said. “A startup using marketing automation, sending a newsletter, or even offering click-to-chat is likely to have collected this. For this reason, it’s not surprising that 91 percent of startups report that they in fact do collect personal data.”
“What was surprising though, is the lack of understanding startups seem to have about the responsibility and best practices that come with holding such information. Startup respondents overwhelmingly failed in the areas of asking for consent (47 percent), encrypting data (29 percent), as well as having a data breach notification plan (34 percent). The good news is that startups are agile, and their infrastructures are often in early stages. With the right education on what needs to be done, startups can move far quicker than larger companies toward becoming GDPR-compliant, which is good news with the May 25 deadline just around the corner,” Fayed said.
For more information about GDPR, see our guide for marketers to understand more about whether your company will be impacted and how to prepare for compliance.