Addressing data protection challenges in the startup ecosystem

Businesses everywhere are acknowledging the need to leverage data to be a smart, responsive organisation. Startups are undoubtedly the frontrunners in leveraging data. One of their key objectives is to differentiate themselves in the eyes of today’s ‘always connected’ customers by being nimble, adaptive, and iterative. One of the chief ways they achieve these capabilities is by putting data to work to gain insights.

However, even as technology and its influence on every business grow, so does concern about how data is used and protected. In this context, startups face multiple challenges.

More than other businesses, startups use data to zero in on a promising but unmet business need, identify their user base, target their customers, and design or select the products or services they make or provide.

Further, startups in the tech or IT space also depend on seamless and compliant cross-border data-sharing to do business. But in being relatively small to start with, startups often function on tight budgets that leave them with little room for either time or resources to expend on laborious and often complex processes around regulatory compliance.

Additionally, startups thrive on having their target audience identify with them by connecting closely with their values. From the customer’s point of view, both transparency and trust are high on their list as a prerequisite for brand allegiance and loyalty. However, how startups use, apply, and protect data can play a key role in making up their customers’ minds on whether to endorse their business, depending on how authentic and transparent a company is in its data usage and protection.

Empowering startups with new provisions

Experts say that the latest iteration of the Digital Personal Data Protection Bill, 2022 (DPDP) released by the Indian Ministry of Electronics and Information Technology late last November, empowers startups in several ways with its provisions. 

One of the first ways it does so is by helping to reduce the compliance burden. The bill’s previous draft, which required a data protection authority to certify ‘data localisation’ and ‘privacy by design,’ has been toned down in the 2022 draft. This saves costs for startups. 

Experts also say that if the revised bill comes into force, it will help empower startups to initiate processes with ‘plug-and-play’ solutions to simplify digital data safety and protection requirements.

Simplifying compliance requirements

The latest DPDP bill also promises to enable startups to grow their business by providing greater clarity around compliance requirements. Companies that deal with large volumes of sensitive data with a potential ‘risk of harm’ to users (companies which the bill terms ‘significant data fiduciaries’) will be expected to have a data protection officer and an independent data auditor to continuously evaluate the company’s compliance with the bill’s provisions.  Currently, only startups that fall within this specific category must adhere to these highly specific requirements.  This will, in turn, improve the quality of the products or services they are offering and deepen a sense of trust from their customers and other stakeholders, while other startups who don’t deal with high volumes of sensitive data with a potential ‘risk of harm’ to users will not be bound by these requirements.

Deepening customer trust

Another provision of the DPDP Bill, 2022, has to do with the need to take consent from users for access to and use of their data. Although many startups agree that procuring consent from users is valuable, the cost of specifying what data has been collected is considerably high. 

However, there are two positive ways startups can view this requirement. In being open and transparent with users about the data that has been collected, startups can positively impact customer trust in their companies. Second, in knowing the new requirements for greater transparency, companies will learn to make do with gathering less data and thereby incur lower costs to be compliant. 

Overall, the DPDP Bill 2022 promises to help startups adequately address data protection challenges and thus open a path to greater transparency and trust and enhanced brand allegiance and customer loyalty.