What are the risks associated with collecting personal data?

5 key risks to remember

by GLS GROUP May 28, 2020

personal data key


Nearly every company deals with personal data. Indeed, data is the fuel for the knowledge economy, and is often crucial for the operations of any business.

Unfortunately, the occurrence of various high-profile data breaches by some of the largest companies in the world over recent years has led to an increasing focus on privacy rights and an increasingly strict data enforcement climate.

This means that the risks associated with companies collecting personal data have also grown substantially in recent years.

In this article, we highlight 5 key risks that companies face when collecting personal data.

Regulation written on multiple road sign

Risk 1: High costs of compliance

Companies that collect personal data are required to comply with a wide range of data privacy regimes across the world. This is due not only to the cross border nature of personal data transactions, but also due to the extra-territorial nature of various data privacy regimes.

In this regard, it would be prudent for companies to take reference to the high watermark of data privacy standards across jurisdictions, in order to ensure compliance with all regimes. This means that the costs that companies would need to expend to comply with such standards could potentially be high.

In particular, data privacy regimes across the globe generally require companies to adopt measures to safeguard personal data in their possession.

Depending on the amount of personal data in the company’s possession, the potential costs that a company may incur in drawing up such security measures (e.g. state of the art technology) could be very high, and could prove to be a drain on the financial resources of a company.

Conceptual image of micro circuit. Security concept

Risk 2: Greater accountability to individuals

Collecting the personal data of a large number of individuals also means the companies will need to be accountable towards more individuals over how their personal data is used.

Data subjects may even have the right to request for companies to provide information on how their personal data is used, and companies are required to provide such individuals with accurate information on this – this may depend on the jurisdiction as well as the nature of the personal data in question (i.e. whether the personal data is particularly sensitive, such as where it relates to matters such as the individual’s religion, sexual orientation etc).

A failure to provide accurate responses within a stipulated timeframe may expose companies to severe liabilities.

Business man hitting grungy brick wall with hammer

Risk 3: Data breaches

Companies that suffer a data breach and are found to have failed to implement adequate security measures could be subject to very stiff penalties from regulators.

Even if a company is not found to have been liable for such breaches, the negative publicity surrounding such data breaches could have a huge impact on the company’s reputation in the marketplace.

Such negative effects on the company’s reputation could result in individuals refraining from furnishing their personal data to the company moving forward, and this may hurt the company’s operations and revenue streams.

An elegant businessman standing with his back in front of urban wall full of arrows pointing in different directions concept

Risk 4: Wide definition of personal data

The risks that we have highlighted above are exacerbated by the fact that personal data is generally widely across many jurisdictions. The general definition of personal data is “data that can be used to identify an individual”.

Accordingly, personal data potentially covers an extensive range of information – not just information such as names and contact details. The ambit of personal data could even include information such as a person’s bank account number.

What this means then, is that companies remain susceptible to the risks that we had highlighted above in relation to a wide range of data. Companies should thus be extremely careful to ensure that their data collection and processing practices as a whole remain stringent and top notch.

Data person

Risk 5: Risks can never be completely eliminated

The unfortunate reality is that the risks that we had highlighted above can never be completely eliminated.
Whilst measures can certainly be taken to alleviate these risks, the truth is that the greatest reason for data breaches remains human error. Human error often remains the weakest link in any compliance chain, and we all err from time to time!

Besides, even if the humans involved remain cautious, computer hackers out there often devise new ways and means to breach computer security systems – the enemy is far stronger than many of us expect.

In this regard, companies always need to be on their guard. While personal data may be indispensable for the operations of a company, they must be treated with extra care all the time. Vigilance is key. Even if you have been religiously compliant with the applicable privacy laws, data security breach can still be a problem.

Business man climbing up on hand drawn staircase concept on city background


We hope that this article has been helpful to you as a start-up trying to navigate the minefield of privacy laws.

To aid in your quest to survive and thrive in the complex business world, GLS offers a Total Start-Up Support solution which provides you with all business-critical templates for the price of what most pay for coffee each month.

Needless to say, our solution comes with a 24/7/365 helpline whereby one of our legal professionals can assist you with any queries that you may have.

Check out our GLS Start-Up Support (Bronze) and our GLS Start-Up Support (Silver).

The End written on rural road


If you liked this topic, you might also like 10 Common legal mistakes made by start-ups

*The above content does not constitute, nor is it offered as, legal advice of any kind. GLS Solutions Pte Ltd is not a law firm and any support provided pursuant to this entity is not regulated legal advice or legal opinion.  


GLS Group - Nominated by Financial Times as the:
"Most Innovative Law Firm - Asia Pacific"
Innovation through Technology 
The Middle East Legal Awards 2020

Avoiding co-founder disputes : Legal 101s

a list of steps you should take to help mitigate or avoid entirely the possibility and risks of co-founders disputes ... Continue reading

What should you include in your invoice? :5 key items that should be inside

In this article, we examine 5 key items that should go into an invoice ... Continue reading

What are the risks associated with collecting personal data? :5 key risks to remember

5 key risks of associated with collecting personal data and how you can manage ... Continue reading

What is a supply of goods and services agreement? :10 key points to help you understand

We examine the top 10 issues to look out for in a Supply of Goods & Services Agreement ... Continue reading