It depends on the data involved in your activity. If your start-up deals with health data (maybe developing a tracking health app for mobile)? Does it monitor consumer’s behavior for marketing purposes? Is it processing children’s data because develops videogames? In all these cases time to achieve GDPR compliance can be longer than if your start-up processes only personal data of staff, clients, and providers for example because it works on AI solutions with anonymized data or it is an animation studio.It can take from 3 to 6 months to reach GDPR compliance, but it depends on budget, time, and resources (intended as staff) available. In case the data processing involves a large scale of sensitive data or a transfer of data outside the EU, it may take more time because of the Data Protection Impact Assessment and safeguards for the transfer of data need to be considered and implemented.
Our Toolkit helps controller to implement GDPR requirements with the assistance of our expert team.