A survey of more than 4,000 start-ups around the world shows that many are ill-prepared for GDPR.
The GDPR deadline of 25 May is just around the corner, and a survey commissioned by email service provider Mailjet shows that start-ups are in dire need of re-examining how they handle their data.
The survey, which was launched on Product Hunt, received responses from more than 4,000 start-ups in the US, the UK and France.
Companies need to improve
Out of a maximum GDPR-readiness score of 10, the average result was a mere 4.1, showing that much more needs to be done ahead of – and after – the deadline passes.
It’s no secret that a massive amount of start-ups collect personal data from their clients. The survey showed that 91pc of participating companies do so, with 93pc of banking and insurance companies collecting information. The lowest sector was still a relatively high 85pc, from tourism and hospitality.
It’s clear from the results that start-ups need to take better care of the data they collect. While the vast majority of those surveyed collect customer information, just 29pc encrypt the data and 34pc of start-ups have a solid breach notification plan.
GDPR as an opportunity
CTO of Mailjet, Pierre Puchois, said that founders “have the opportunity to build their systems right from the very beginning and avoid penalties such as those GDPR will impose”.
Once GDPR is in place, classic ‘growth hacks’ previously employed by start-ups will no longer be permissible. Scraping LinkedIn email addresses and adding contacts who have downloaded white papers to your newsletter subscriber list will be a thing of the past.
Consent is key when it comes to GDPR. Only 47pc of respondents report asking customers for consent prior to contacting them every single time, and only 50pc of respondents make it easy for users to withdraw consent if they no longer wish to be contacted.
A change in strategy
On a positive note, 63pc of respondents recognise that data minimisation needs to happen, and new opportunities when it comes to growth hacking may present themselves in future.
Alex Delivet, head growth hacker at Mailjet, said: “It’s important to make the differentiation between spamming and growth hacking. Over the past years, it’s been easy to turn to tactics that consist of scraping email addresses and sending mass cold emails.
“This is spamming, not savvy growth hacking. With the arrival of GDPR, these kinds of bad practices will be officially illegal, and the best growth hackers will realise that there are a lot of GDPR-compliant tactics we can try.”