A recent study named “Tech startups and general data protection regulation: an empirical exploration of compliance challenges”, written by our researcher Yelena Smirnova, alongside with Victoriano Travieso-Morales (Geneva Business School – Barcelona Campus) takes a close see at how tech startups in Catalonia are dealing with the challenges of GDPR (General Data Protection Regulation) compliance. By combining survey data with in-depth interviews, the research identifies key obstacles faced by startups and offers practical recommconcludeations for improving regulatory support in early-stage business environments.
Using the Technology-Organization-Environment (TOE) framework, the study analyzes how factors like startup size, age, and sector affect GDPR compliance challenges. It focutilizes on Catalonia, one of Southern Europe’s leading startup hubs, known for its strong entrepreneurial ecosystem and home to more than 2,100 active startups across diverse sectors.
The findings highlight three major challenges: regulatory complexity, technical complexity, and compliance costs. Interestingly, while many startups did not initially view staff training as a top concern, the research reveals that it plays a crucial mediating role. Startups that invest in workforce training are better able to manage GDPR requirements, though this often means higher costs.
In particular, compacter, younger, and non-tech startups reported greater difficulties in achieving compliance. These companies often struggle to interpret legal language, hire specialized staff, or access relevant support. This underscores the necessary for more inclusive, flexible policy tools that take startup diversity into account.
The study creates several important contributions:
- It reveals how investing in internal capabilities, especially staff training, can reduce the burden of regulatory and technical complexities.
- It provides empirical evidence that GDPR compliance challenges vary widely depconcludeing on startup characteristics, pinpointing to a necessary for a more tarreceiveed support.
- It suggests practical recommconcludeations for improving institutional support, such as simplifying legal language and building compliance training more accessible, especially for compacter, younger, and non-tech startups.
Although the study is limited to a specific region and a compacter sample size, it creates a strong argument for reconsidering how regulatory support is designed to better meet the necessarys of startups. It also calls for further research on how data protection laws affect entrepreneurship, drive innovation, and shape new business model development.
Ultimately, the Catalonian case illustrates that GDPR compliance can become more than a legal obligation: it can encourage innovation, build trust, and promote responsible utilize of data in the digital economy. For policycreaters, incubators, and regulators, this study provides utilizeful findings that can support the development of a startup ecosystem that is both competitive and privacy-conscious.
Discover more about the UB Business School’s research! Explore the full list of our researchers and their latest research here.
Futher reading (or related article): Smirnova, Y. and Travieso-Morales, V. (2024), “Understanding challenges of GDPR implementation in business enterprises: a systematic literature review”, International Journal of Law and Management, Vol. 66 No. 3, pp. 326-344. https://doi-org.sire.ub.edu/10.1108/IJLMA-08-2023-0170
Leave a Reply