91% of startups admit to collecting personal data (but most aren’t data compliant)

29/01/2018

Global startups are completely ill-prepared for GDPR, with many falling behind around consent and contingency planning, according to new research.

gdpr-flag.png

International research by Mailjet reveals that of the 4,000 startups who completed the quiz, 91% admitted that they are collecting personal data from customers, however nearly two-thirds aren’t data compliant.

When asked to rank themselves on GDPR- readiness, the average score was a disappointing 4.1 out of 10, with the banking and insurance vertical scoring the highest (4.4) and construction and real-estate scoring the lowest (3.2).

The global research has also revealed that:


  • Only 29% of startups actually encrypt the data they collect, whilst only a 34% have a data breach notification plan in place

  • Only 47% of quiz respondents report always asking their customers for their consent prior to contacting them

  • Worse yet, only 50% of respondents make it easy for customers to withdraw their consent


With the intention of bringing awareness about GDPR to startups, email service provider Mailjet commissioned an international survey (launched on Product Hunt), asking startups to rate where their company stands in terms of key requirements of the new regulation which will come into effect May 25th, 2018.

Of over 4,000 startups who completed the quiz, primarily based in the UK and France, the average GDPR-readiness score was a disappointing 4.1 out of 10, with the banking and insurance vertical scoring the highest (4.4) and construction and real-estate scoring the lowest (3.2).

Ready to take data, but not responsibility

Despite the low level of compliance, 91% of startups report collecting personal data from their clients. Interestingly this figure does not fluctuate drastically across startup verticals. Banking and insurance scored the highest at 93% while the lowest was only 8% lower (85%, scored by the hospitality and tourism sector). This tells us that regardless of startup industry, personal data collection is at the heart of nearly all startups.

The fact that startups collect customer data may not be shocking. What was surprising was the lack of responsibility startups show towards the protection of this data. Only 29% of startups actually encrypt their collected data while a sad 34% have a data breach notification plan.

“Launching a startup today means doing so amongst a sea of pre-existing regulations, and the best founders won’t ignore this. They have an opportunity to build their systems right from the very beginning and avoid penalties such as those GDPR will impose. Mailjet itself is now GDPR-compliant and ISO 27001 certified, which shows that attaining the highest levels of data privacy and security IS something accomplishable by SMBs and startups, and not just the big guys.  - Pierre Puchois, CTO Mailjet.

Classic growth hacking is gone

Classic growth hacks - scraping LinkedIn email addresses, adding contacts who have downloaded whitepapers to the newsletter list - lack a key requirement upcoming in the new GDPR regulations, consent. Only 47% of quiz respondents report always asking their customers for their consent prior to contacting them. Worse yet, only 50% of respondents make it easy for customers to withdraw their consent.

However it’s not all doom and gloom. With 63% of respondents agreeing they respect the need for data minimisation i.e. the reduction of the amount of data held beyond what is strictly necessary for purpose, we can expect small business leaders to be open to new growth hacking techniques that are sustainable in a post-GDPR world.

“It’s important to make the differentiation between ‘spamming’ and ‘growth hacking.’ Over the past years, it’s been easy to turn to tactics that consist of scraping email addresses and sending mass cold emails. This is spamming, not savvy growth hacking. With the arrival of GDPR, these kind of bad practices will be officially illegal and the best growth hackers will realise that there are a lot of GDPR-compliant tactics we can try.” - Alex Delivet, Head Growth Hacker, Mailjet.

Methodology

The research was conducted between December 2017 and January 2018 via an international poll published on Product Hunt, a website that lets users (primarily entrepreneurs and startups) share and discover new products. The survey received 4,328 respondents based primarily in France (48%), UK (13%), US (7%), Belgium (4%) and Germany (3%).

<< Back to today’s Digital Intelligence news

Copyright ©2000-2018 Digital Strategy Consulting Limited | All rights reserved | This material is for your personal use only | Using this site constitutes acceptance of our user agreement and privacy policy