And it's a bit hard to believe that these several startups functioned without ever collecting names, emails, IP, phone number, or address of any lead or customer ever.
Maybe they did? Who knows? Never gonna find out because no one had time to look into it. It certainly wasn’t done with malicious intent, perhaps by accident or oversight, which is likely the situation in most small companies.
is not covered by GDPR.
And it's a bit hard to believe that these several startups functioned without ever collecting names, emails, IP, phone number, or address of any lead or customer ever.