The most common errors made by startup companies – Part 3

We were asked by Maddyness UK to share our experiences, which we did in a series of articles. In part three, we look at commercial contracts, data protection and keeping organised records.

1  Proper regard not paid to commercial contracts

When a big client is interested in product, in the excitement, an entrepreneur rushes to get that client signed up. In so doing, the entrepreneur causes their business to enter into a contract that it subsequently transpires is not in its best interests. The business is left with an albatross around its neck.

Before a business signs on the dotted line, whether it be for a contract with a customer or a supplier, an entrepreneur should check exactly what the business is signing up to.

The following types of terms are often overlooked:

  • Limitation of liability. The business should limit its liability under the contract to a sensible amount (for example, correlating to its insurance cover). On the flip side, it should prevent the other party limiting its liability under the contract to all but nil.
  • Protection of intellectual property. The importance of intellectual property was discussed in our previous article. When it comes to allowing any third party usage of that property, a business should make sure it is as limited as possible. It does not want the other party to the contract running away with its ideas and developing them on its own.
  • Non-circumvention. Most entrepreneurs have spent many years building up their networks of useful contacts, including suppliers and potential customers for their business’ product. It is valuable information. The other party to the contract should not have the right to approach these sources directly.
  • Non-solicitation. The business may have employees, upon which it may have expended considerable amounts in training. The other party should not be able to poach them
  • Probation periods and targets. Not all business relationships work. With a new relationship, a business should consider having an initial term to see how things progress and/or potentially targets for the parties to reach. The business should have a mechanism by which it can terminate quickly or make alternative arrangements if things do not go according to plan. If the business is going to make a considerable capital expenditure on the basis of the contract, the opposite applies: it should make sure that the contract will endure for long enough that the business can recoup that expenditure and more.

2  Ignoring data protection

Very few businesses do not use personal data. Those that do not, probably should: a considerable amount can be learnt about a business’ brand from information provided by its customers or potential customers. This is why such information has genuine value.

Protection of personal data is a hot topic. Unless the correct rules are followed, significant penalties can be imposed by regulators. This is obviously bad news for the business.

The possibility of such penalties does not play well with investors. Neither will they be happy to see potentially valuable information received from third parties frittered away. They will want to see that at least the basics of a data protection regime has been instigated. Often they will wish to see considerably more.

Very often, any sort of regime is conspicuously absent.

As initial steps, a business should:

  • register with the Information Commissioner’s Office (the presiding data authority in the UK):
  • If it is processing data of non UK citizens (which, of course, now includes those in the EU), register with the relevant local data protection authorities.

From then on, the golden rule is to remember that the personal data provided belongs to the individual that provided it and not to the business.

Other than that, some basic rules:

  • If the business has a website, it should include in terms and conditions for use of that site, including what it will do with any visitor’s data;
  • If the business is going to share a person’s personal data with any third party (including, for example, to allow a third party to send marketing emails to that person) the business should be explicit with that person that this is intended and should obtain his or her express consent;
  • On any emails to any person who has provided personal data, a business should ensure it includes an “unsubscribe” option, so that he or she can choose not to receive any further emails.

These really are only a beginning as to what is a very complex topic. If the business is dealing with personal data, it should get specific advice on the levels of protection that it needs to apply, which will vary depending on the particular situation. These levels should be regularly reviewed as the business grows.

3  Not keeping proper and organised records

It is too easy in the hubbub of running a business to forget to keep proper and organised records.

There are many downsides to this (for example in terms of keeping up with accountancy and taxation issues), but it is a particular issue when it comes to investors.

Imagine that you are an investor that can potentially put money into hundreds or thousands of potential startups. Would you invest in the startup with no or horribly disorganised records, or would you look to the startup whose paperwork is in place and well organised for a quick review?

Obviously, to an extent, it will depend on the product being offered, but there is still a lot to be said for the maxim that you never get a second chance to make a first impression.

When that investor does come along, the entrepreneur often finds himself too busy with the business to undertake the, by then, substantial task of putting together the records (often in a data room). He or she has to pay professional advisers to collate everything, which can be a significant and unnecessary expense.

It is far better that an entrepreneur keeps organised records from the outset of the business and then updates them as it goes.

Tim Herbert


“Jane Smith is exceptional, having a great blend of legal skills and commercial acumen as well as injecting a sense of fun into the business.”


Tim has nearly 25 years’ experience advising start-ups, SMEs, trusts and individuals on corporate and company commercial matters, in the UK, Hong Kong, Australia and New Zealand. He has particular experience in commercial dispute resolution. Trained at Herbert Smith Freehills and previously a barrister and an instructor for the College of Law in New Zealand, Tim is a regular speaker and contributor on company commercial and dispute resolution issues. He has made multiple appearances in New Zealand’s Courts and Tribunals, including in the Court of Appeal and the Supreme Court.  He continues his advocacy in various forums in the UK.

Based between Devon and London, Tim is a trustee of the Torbay Coast & Countryside Trust. He volunteers for Torbay Hospital Radio and also runs his local pub quiz. He is keen to help businesses in the South-West, as well as in Greater London.

previous organisations

Ignition Law; Jones Day Reavis & Pogue; Herbert Smith Freehills; Coudert Brothers


Brasenose College, Oxford, Law, M.A.(Oxon), 2:1; Oxford Institute of Legal Practice, Diploma in Legal Practice – Merit

Solicitor, admitted in England and Wales, September 1999; Solicitor and Barrister; admitted in New South Wales, Australia, November 2005; Barrister Sole since 2010, admitted as Barrister and Solicitor in New Zealand in December 2005.