Investment Director Anders Bach Waagstein's slides from PreSeed Academy StartupTalk #26: Startup Practices for Privacy and Compliance. (2 of 3 speakers).
1. P S V
November 2020
Privacy and Compliance in
the Due Diligence Process PreSeed Ventures
2. We’ve lived well over 400 journeys alongside young guns,
moms, dads, outliers, big egos and eccentrics – the best kind
if you ask us. We worked closely with them all — long term,
and we can say without a shadow of doubt that we know
startups.
S V
P
3. Early stage VC dedicated to founders in the pre-seed
stage
preseedventures.dkPreSeedVentures
39%
Of portfolio companies gets
next stage VC funding.
400
Backed founders of Danish tech
startups
500k-6m
Size of investments in DKK
350m
Fund size in DKK
4. P S V
Due Dilligence at
PreSeed Ventures.
What is that like?
5. People – numerical and verbal testing of
the founder team
Tech – technology choices and
development processes
Commercial – reference calls
Legal – registrations, contracts, warrant
agreements, freedom to operate
analysis,
Compliance – data controller and
processor agreements, description of
processes
Insert Drawing, model or image.
The red pill, please
7. Since GDPR was implemented 25th May
2018 410 fines has been issued.
Google was fine €50M in France due to
lack of transparency on how data were
harvested from data subjects and used
for ad targeting. Google just lost an
appeal.
Because society does
8. Largest fines in Denmark are issued to:
IDdesign (1,5 mDKK)
Taxa 4x35 (1,2 mDKK)
Most common reasons for fines in DK are
violations of:
Article 5: Principles relating to processing of
personal data
Article 6: Lawfulness of processing
Article 32: Security of processing
According to Henning Mortensen CoB Danish
Council for Digital Security
Because Denmark takes it seriously
9. Infringements could result in a fine of up
to €20 million, or 4% of the firm’s
worldwide annual revenue.
Data controller or processor agreements
are expected
ISAE 3000 is a way to document your
policies.
Your customers takes it seriously
10. 10
Privacy as an integrated part
of M&A
Verizon acquired Yahoo in 2016
Data breach from 2013-2014 was
revealed in 2016 during the the
M&A process.
Marriott acquired Starwood in
2016
Data breach from 2013 was
revealed in 2018
11. 11
When
When you are looking for your first customer
When you are using a sub-contractor
Every time you are raising money
When you are acquiring a company
When a customer quits
When an employee quits
12. 12
What to do
01 Know what personal data you are processing and
have a processes for deleting old data
02 Secure data processor and data controller agreements
with your partners
03 Make sure your have valid consents to communicate
with your customers
04 Make sure your data is secure and be aware of social
hacking