Pre-Seed and GDPR

1 pointsricokatayama1y ago2 comments

I’m at the early stage of a startup, and our next step is to do a soft launch in Europe. Google and MS authentication only. We register a series of information for each user related to the work they perform. Only team members and the company can view this data. Would you recommend that I go all in to be GDPR compliant? Or is it too early? Are there cases of startups that, even in a pre-seed phase, have fully complied with GDPR?

2 comments

dave44201y ago

You need to be GDPR-compliant, but you don’t need to automate GDPR compliance yet.

You have 30 days to comply with e.g. right to deletion requests. That’s easily long enough to write backend code to delete someone’s data. So don’t write that code until someone requests that you delete their data (unless you need to write it before then for other reasons, ofc).

steve_gh1y ago

GDPR compliance is easy if you are not selling your users' data.

j / k navigate · click thread line to collapse

Pre-Seed and GDPR

1 pointsricokatayama1y ago2 comments

2 comments

dave44201y ago

You need to be GDPR-compliant, but you don’t need to automate GDPR compliance yet.

steve_gh1y ago

GDPR compliance is easy if you are not selling your users' data.

j / k navigate · click thread line to collapse