Market disrupters and innovators have often been berated for being unaware of data protection and privacy or for failing to reach the required standards of compliance. Limited human and financial resources are undoubtedly part of the problem here. However, in a number of cases, there also seems to be a perception that innovation and privacy are incompatible. With the General Data Protection Regulation (GDPR) taking effect on 25 May this year and introducing even tougher standards for privacy, not to mention fines of up to 4% of annual worldwide turnover, it is clear that data protection and privacy can no longer be ignored, irrespective of the sector in which a business operates. But is there a silver lining for start-ups and other innovative or disruptive companies?
What are innovators and market disrupters? Innovators are companies that focus on the development of new products and services, or approach existing ones with a completely novel approach. Market disrupters are essentially a subset of innovators that seek to completely uproot and displace the current way business is done in a certain sector, or goods and services are provided. Innovators have been described as ‘rational’ whereas disrupters are seen as ‘irrational’ – they turn the way business was done on its head. So, for example, Booking.com and Hotels.com have been able to sell hotel rooms in an innovative and successful way, with the help of intelligent software and algorithms. AirBnb on the other hand, or Uber in the transport/taxi sector, have changed the way in which business was traditionally done in those sectors by thinking ‘what if everyone was a hotel or a taxi?
How does data protection fit into this? Market disrupters and innovators often operate in sectors that are very ‘data heavy’. So it is perhaps surprising that data compliance has historically been perceived to be more of an afterthought. This has usually been attributed to the fact that start-ups often have limited staff and financial resources, combined with a lack of awareness of certain areas of regulation. However, there are pitfalls to this approach, as many start-ups and innovators are already recognising. The public’s growing awareness and concern about the use of their personal data means that any data compliance issue which reaches the public domain, such as a data security breach, is likely to cause significant reputational damage. In this respect, innovators and disruptors are no different to other, larger organisations. In fact, they may be even more vulnerable to reputational damage as they often rely on recommendations and word-of mouth for their early growth.