Given concerns about data breaches, the EU Parliament finally passed GDPR (General Data Protection Regulation) after four years of preparation and debate; it goes into enforcement on May 25, 2018. Though it originated in Europe, GDPR is a form of long-arm jurisdiction that affects many U.S. companies — including most software startups, because data collection and user privacy touch so much of what they do. With EU regulators focusing most on transparency, GDPR affects everything from user interface design to engineering to legal contracts and more.
That’s why it’s really about “privacy by design”, argues former environmental scientist and lawyer Lisa Hawke, who spent most of her career in regulatory compliance in the oil industry and is now Vice President of Security and Compliance at CFI portfolio company Everlaw (she also serves as Vice Chair for Women in Security and Privacy). And it’s also why, observes CFI board partner Steven Sinofsky, everyone — from founders to product managers to engineers and others — should think about privacy and data regulations (like GDPR, HIPAA, etc.) as a culture… not just as “compliance”.
The two break down the basics of GDPR in this episode of the CFI Podcast — the why, the what, the how, the who — including the easy things startups can do immediately and on their own. In fact, GDPR may give startups an edge over bigger companies and open up opportunities, argue Hawke and Sinofsky; even with fewer resources, startups have more organizational flexibility, if they’re willing to put in the work.
Lisa Hawke
Steven Sinofsky is a board partner at Andreessen Horowitz.
The CFI Podcast discusses the most important ideas within technology with the people building it. Each episode aims to put listeners ahead of the curve, covering topics like AI, energy, genomics, space, and more.