5 facts startups need to know about the GDPR

Matt McKenna

Underwriting Manager

Any business that comes in contact with EU citizens will have to follow new rules as of May of this year. The General Data Protection Regulation (GDPR), passed by EU Parliament in April 2016, directly impacts businesses in the US, EU and elsewhere. Its purpose is to set uniform standards for data protection and prevent businesses from misleading EU citizens about how their data is being used.

Here are 5 facts every startup needs to know to avoid running afoul of it:


1. Does the GDPR affect me?

If your company does business with — or tracks the behavior of — EU citizens, you need to comply. Whether or not you’re located in the EU makes no difference. What matters is whose personal data you are exposed to.


2. What is “personal data” according to the GDPR?

The EU’s definition of “personal data” is broader than those of some US jurisdictions. Here’s how the EU Parliament sees it:

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.


3. What do I need to do to comply with the GDPR?

You may need to make changes to your contracts and internal processes. You’ll have to formulate a data breach response plan if you don’t have one in place. If you do have one, you may need to update it. Is your customer privacy policy filled with legalese? It’s possible your lawyer will recommend rewriting it. Transparency with users is one of the most important goals of the GDPR.

It can’t hurt to familiarize yourself with the regulation (full text here). Make sure to also take advantage of the FAQ and online resources that the EU has made available. Law firms are publishing compliance checklists which can be a helpful tool.

Most importantly, as with all legal matters, consult your attorney to make sure you’re not breaking any rules.


4. When is the deadline to comply with the GDPR?

The absolute, last-minute deadline is May 25th, 2018. Companies not in compliance on that date could be fined.


5. But…why should I?

Fair question. Especially for US-domiciled companies that only have limited exposure to EU citizens, what’s the worst that can happen?

The EU Parliament is taking this new regulation very seriously:

Organizations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.


Want to know more?

We’re here to address any questions you have about what the GDPR means for your insurance policies. Cyber insurance, in particular, has become significantly more useful in light of this new regulation.

