I’m at the early stage of a startup, and our next step is to do a soft launch in Europe. Google and MS authentication only. We register a series of information for each user related to the work they perform. Only team members and the company can view this data. Would you recommend that I go all in to be GDPR compliant? Or is it too early? Are there cases of startups that, even in a pre-seed phase, have fully complied with GDPR?
You need to be GDPR-compliant, but you don’t need to automate GDPR compliance yet.

You have 30 days to comply with e.g. right to deletion requests. That’s easily long enough to write backend code to delete someone’s data. So don’t write that code until someone requests that you delete their data (unless you need to write it before then for other reasons, ofc).