Following a talk I gave in Tokyo last month about European innovation, a number of Japanese corporations have been asking me about GDPR, and whether it applies to them.
My answer has been consistently to encourage them to check with their own legal counsel, but that there is a good chance that they fall under the GDPR regulation if they are collecting data on any European person, whether they realize it or not. Here is an introductory overview on GDPR for reference: Consent is King: GDPR arrives.
Otherwise, I thought that now would be a good time to clarify my own personal policy on privacy of the data on people with whom I interact. This is not so much a legal framework but rather a set of my own best practices when it comes to professional relationships.
A political boss once famously said something along the lines of, “Never write if you can speak; never speak if you can nod; never nod if you can wink.” Despite this political wisdom, I treat email as a private exchange with the other party. The beauty of email communication is that it can be performed asynchronously. This is convenient when I’m in Tokyo and need to communicate with someone in Paris, as is often the case. Or perhaps I’m in transit, and during a flight connection at some ridiculous hour I can send over my thoughts or reactions on something without disturbing the other person’s sleep schedule.
Even though emails are easily forwarded, I generally do not do this unless it is implied in the context of the email to allow for this. For avoidance of doubt, I will never share an email from a sender who has requested that I keep it confidential.
I feel quite strongly about this policy because without it, people may feel reluctant to share things with me in writing. Investing in and sitting on boards of startups requires excessive communication, often about sensitive topics. There are simply not enough hours in the day — especially convenient hours spanning multiple time zones — to require telephone or face-to-face communication for every sensitive exchange.
Note that this same policy applies to exchanges sent to me over messenger applications like LINE, WeChat, Whatsapp, Slack private messaging, etc.
Secrets
Perhaps the best way to make me forget something is to tell me that it’s a secret and make me swear to never tell anyone else. Not only can I assure you that I will never repeat it to a soul, but most likely I will forget it promptly after I hear it. This was a mental trick I implemented decades ago to ensure that I take any secrets to the grave, and now it has become so second-nature that I find it hard to remember any secrets at all as I grow older.
Gossip
In contrast with secrets, when you start to tell me something that smacks of gossip, I already stopped listening. So not to worry, it cannot be repeated.
Debts
I do not keep a record of the money I lend to other people. So if you borrow money from me, I will trust that you will not forget to pay me back. If on the other hand you are unscrupulous or find yourself in financial distress, you can deliberately decide to never pay me back and will get off scot-free. The converse of this, however, is also true. In other words if you lend me money, I will not keep a record of it and may even forget to reimburse you (especially if the loan was for something “secret”).
All of the above notwithstanding, however, if I invest in your company, especially when I am investing on behalf of other people’s money which is my main vocation, you can be assured that I will behave rigorously in tracking the progress of your company and all rights you have granted in exchange for my investment.
Happy GDPR ramp-up to all !