

Navigating Compliance Requirements: How to Stay on the Right Side of the Law

November 15, 2023

The key to overcoming compliance issues, while remaining legal, is to link your startup’s regulatory approach with your commercial objectives. ~ Percy Grunwald, Co-Founder, Compare Banks

In this article, twelve industry leaders, including CEOs and partners, share their experiences and insights on overcoming compliance challenges in startups. From navigating international data-protection laws to clarifying the rules for non-licensed workers, these experts provide a comprehensive guide on how to stay on the right side of the law.

  • Navigating International Data-Protection Laws
  • Forming a Dedicated Compliance Team
  • Investing in Specialized Legal Counsel
  • Addressing Patient Data Privacy Breach
  • Hiring a Tax Adviser for Compliance
  • Implementing a Data-Retention Policy
  • Establishing a Compliance Team for Licensing
  • Adopting Compliance Technology for Cost Management
  • Integrating KYC Processes into Onboarding
  • Outsourcing Employee Classification to Experts
  • Building Strong Relationships with the Legal Department
  • Clarifying Rules for Non-Licensed Workers

Navigating International Data-Protection Laws

As a commercial lawyer, I assisted a tech startup in navigating a complex web of data-protection laws during their international expansion. The challenge lay in aligning their data-processing practices with varying regulations across regions. 

To overcome this, we conducted jurisdiction-specific compliance audits, ensuring each market’s regulations were meticulously adhered to. Implementing robust contractual agreements with partners and clients, which outlined data usage and storage protocols, proved vital. Additionally, constant monitoring of legal updates and close collaboration with local legal experts ensured real-time adjustments to policies. 

By proactively embracing legal nuances and customizing compliance strategies for each region, the startup successfully expanded its operations while mitigating legal risks, exemplifying the importance of tailored, localized compliance efforts.

Michael Edwards, Partner, Michael Edwards Solicitors

Forming a Dedicated Compliance Team

Our company encountered compliance challenges when a new data-protection law was implemented in our country. As a startup dealing with large amounts of customer data, we were required to comply with the new regulations within a short period of time. 

This posed a major challenge for our company, as we had limited resources and expertise in this area. To overcome this challenge, we immediately formed a team dedicated to understanding the new law and its implications on our business. We also sought advice from legal experts and conducted thorough research to ensure that we were fully compliant. This involved changing our data-handling processes and implementing extra security measures.

Zach Shelley, Founder and CEO, A-List Properties

Investing in Specialized Legal Counsel

At my previous startup, we ventured into the health-tech space. Navigating the intricacies of the Health Insurance Portability and Accountability Act (HIPAA) proved challenging. Some of our initial product features inadvertently risked non-compliance. 

To address this, we invested in specialized legal counsel and trained our team on HIPAA mandates. We also revamped our data handling procedures and strengthened our encryption measures. This proactive approach ensured our compliance while preserving the essence of our product’s value proposition.

Richard Frankel, Disability Lawyer, Bross & Frankel, PA

Addressing Patient Data Privacy Breach

Compliance is of paramount importance in our industry. The preservation and privacy of patient data was a significant compliance obstacle we encountered. Dental practices must follow strict rules like HIPAA in the US, since they handle sensitive medical information.

A thorough data security and privacy policy comprised staff training on patient data handling, secure electronic record-keeping, and regular compliance audits to assure compliance. However, a potential breach, owing to an employee’s accidental misuse of patient records, was a major issue.

We quickly reported the occurrence, alerted affected patients, and initiated corrective efforts, including training and procedure improvements. We hired a lawyer for regulatory issues. Quickly resolving the breach, engaging with regulatory authorities, and demonstrating our commitment to compliance rectified the issue and reinforced our data protection practices, assuring our continuous compliance and maintaining patient trust.

Dr. Jennifer Silver, CEO, Owner and Dentist, Macleod Trail Dental

Hiring a Tax Adviser for Compliance

In one instance, we encountered a tax-compliance issue. We moved into a new state, and the intricate tax regulations in that region provided a hurdle. 

To address this, we hired a tax adviser who was knowledgeable about state-specific regulations. They assisted us in legally registering our business, setting up the relevant tax accounts, and establishing a dependable method for tracking and remitting taxes. This proactive strategy ensured that we complied with local tax rules, avoided potential penalties, and maintained a positive relationship with tax authorities.

Timothy Allen, Sr. Corporate Investigator, Corporate Investigation Consulting

Implementing a Data-Retention Policy

It’s kind of ironic because, as an e-learning platform, we provide safety-compliance training to our users. However, in the early days of our business, we noted during an internal audit that some of our user data was being retained for longer than necessary. 

Of course, if this had continued, we would have faced a potential compliance issue in relation to several data-protection regulations. To resolve this issue, we implemented a data-retention policy to ensure that we automatically purged user data after the required period. Beyond that, we conducted in-depth staff training to raise awareness of data-privacy best practices.

Farhan Siraj, Chief Executive Officer, OSHA Outreach Courses

Establishing a Compliance Team for Licensing

Compliance with licensing and permits was a significant hurdle for my current startup, which operates in a highly regulated industry. I required multiple licenses and permits to operate lawfully. 

To address this, I established a compliance team tasked with researching, obtaining, and renewing the relevant licenses. I also put in place a strict record-keeping system to ensure that all permits were current. As a result, I effectively navigated the complex regulatory landscape, avoiding legal issues and allowing my business to prosper.

Bruce Mohr, Vice-President, Fair Credit

Adopting Compliance Technology for Cost Management

One of the compliance challenges we faced early on was footing the bill for our compliance efforts. Since it’s not something you can or should avoid, it’s costly to hire compliance experts and lawyers to ensure you’re doing everything right, especially in those early startup days. 

That’s why we adopted compliance technology to help lower our risks and manage the costs of the entire process without losing our protection. Hiring an internal or outsourced compliance officer is also key—they aren’t cheap, but they can save you more money and headaches in the long run.

Gillian Dewar, Chief Financial Officer, Crediful

Integrating KYC Processes into Onboarding

The key to overcoming compliance issues, while remaining legal, is to link your startup’s regulatory approach with your commercial objectives.

One example is when we faced Know Your Customer (KYC) requirements issues in the financial business. Instead of simply complying with regulatory requirements, we chose a proactive approach. We integrated KYC processes into our customer onboarding, using the obtained data to improve our services. This not only assured compliance but also enhanced the customer experience and increased user retention.

Conduct a thorough risk-assessment targeted to your company. Determine whether regulations have a direct impact on your sector and growth objectives. By doing so, you may create a compliance strategy that not only protects your startup from legal liability but also helps it grow.

Percy Grunwald, Co-Founder, Compare Banks

Outsourcing Employee Classification to Experts

One issue many new businesses run into is properly classifying their employees and contractors, especially if they operate a national or international business across city, state, and country lines. Every region has different laws that govern them, and you need to follow not only the ones where your business is located but also where remote team members are located. 

Beyond employment classification, you also need to follow hiring standards, benefits standards, and wage requirements for every new teammate. It can be a lot to manage for startup owners, so most will outsource this work to an expert or hire an in-house one.

Robert Kaskel, Chief People Officer, Checkr

Building Strong Relationships with the Legal Department

Lawyers looking at documents; image by August de Richelieu, via

As the director of social media for several e-commerce retailers, and being responsible for creating publicly facing content, the first few times I was told to “run it by legal,” it felt intrusive and unnecessary. However, after having instances such as contests that went wrong due to challenges from prospective winners, or complaints because of unhappy customers, I quickly learned that our legal department was actually an important ally. 

By treating our lawyers as an asset and training my team to engage with them—as well as providing background info on what other brands were doing—we built a strong relationship of trust that led to great content and quick resolution of legal challenges.

James Hills, Publisher – Travel and Relationships,

Clarifying Rules for Non-Licensed Workers

One of my companies is a real estate brokerage, yet I’m not a realtor. My business partner is the broker, and my role has been strictly the marketing and business side of things. However, with brokerages running off professional licenses, there are a lot of rules governing what roles I can and cannot play, despite being an owner. 

Non-licensed workers like myself are limited in what we can discuss with potential clients, what information we can handle, and we are required to follow rules specific to the licensing in things like our accounting and document retention practices. 

It was a challenge, but with extensive research, we found plenty of ways to properly integrate non-licensed key workers like myself into beneficial roles. It felt a lot like we were skirting the law, but we were very upfront. We spoke with the state board several times for clarification and stayed within the law, even if just barely.

Christopher Olson, CFO, Surfside Services
