1. How do I know when and what to publish and what to protect?
It is indeed a difficult question. You should think if your invention is detectable on your final product, what your competitors are doing, based on their products and publications, and what you may gain by protecting it.
Usually, inventions that can be detected on the final product, or if someone with relative knowledge may derive them, or inventions in the technical fields that your competitors are working on are preferred to be protected.
The correct time to file for a patent depends on the maturity of the invention, whether it is a breakthrough, or a continuation of existing knowledge and a possible product launch.
2. Is it expensive to protect my Intellectual Property?
There is no fixed cost. It depends on the geography where you wish to protect it and your strategy. The costs are not related only to the various Patent Offices, but they also depend on the need for translation and attorney fees. For example, a simple application in the Greek region may cost a few hundred euros, while a global application could cost a few thousands. Safeguarding your rights in major European countries, USA, Japan or China for a period of 20 years might cost hundreds of thousands of euros. Our goal is to recommend the direction towards the maximum profit, with the minimum cost.
3. Do I really need to sign NDAs?
Definitely yes. Even if you are talking to a trusted person, an employee, a customer/supplier, a consultant or a friend, it is better to have put an NDA in place before revealing any valuable information.
4. How do I make sure that my trade secrets are actually kept?
Having an NDA signed works in your favor. Usually, NDAs involve non-compliance clauses that would prevent someone from revealing your trade secret. When signing an NDA with another company, it is better to have done a background check and know if they have a good reputation and possess assets, so that you can be compensated in case of an NDA breaching.
1. Do I have to comply with the GDPR?
If you have even one employee then you should certainly comply with the GDPR. If you operate a website through which you do not pass online contracts but which you use to send newsletters you still have to comply with the GDPR. In general you have to comply if you store, transmit, process, delete, etc. information related to an identified or an identifiable person, such as: a name, a social security number, an address etc.
Be careful: compliance with the GDPR doesn’t equal information security. The latter is a much broader concept and depending on the nature of your activities there could be other laws that you might be obliged to comply with regarding data safeguard.
2. Am I a controller, a processor or both?
If it is you who determine the purpose and means of processing then you should consider yourself a controller. If you carry out processing following the guidance of someone else then you are a processor. Whether you act as a controller or a processor is particularly important for your obligations under the GDPR. Attention however, because there might be cases where you operate as a controller for certain processing activities and as a processor for other.
3. What other data, apart from personal data, do I handle?
This depends on your activities. If you deal with patents, trademarks, designs, etc. then you certainly handle intellectual property information in a digitized form, stored somewhere in your servers or in a cloud. If you have adopted specific strategies in your company, then most probably you have trade secrets that allow you to promote your business. Where you have a long dataset of clientele, then you handle simultaneously personal data, a data base that could be eligible for an IP right and a trade secret. Generally speaking
4. How should I protect data?
There are no specific things you should do to protect data. There is a process-based approach in respect of Data (or Information) Security. You are responsible to choose fitted for purpose measures that suit best your business. To do that you should have recourse to both specialized lawyers and IT experts. The adoption of codes of best practice could certainly help you but are not a panacea.
5. What should I pay attention to when contracting with third parties?
Most often data breaches occur because third party partners to whose systems your systems may be connected to, are poorly protected against cyber risks or other data exposures. Hence, notwithstanding you may have implemented adequate measures in your company, dangerous vulnerabilities might still exist if your partners haven’t considered data threats seriously. What you must do before contracting is to control and check your future partners’ information security resilience.
Be aware of your cloud provider data breach policy. Many cloud providers have embedded disclaimers of liability in their terms and conditions which means that in case of a data breach you should have difficulties in obtaining compensation
(Note: regarding personal data the GDPR has taken certain precautions as to such disclaimers).