Btw are you from Belgium? There's a Flemish joke in your user name.
I'm working on a startup, GDPRvalet.io, currently in the phase of testing my assumptions.
Target audience is startup/scale-ups who need to comply with GDPR but don't have the money to hire lawyers (spoiler alert: in most cases you don't need any, certainly not in this phase of your company).
I'd like to ask you some questions to test my assumptions.
As a return favour I'd be happy to answer any questions about the practical implications of GDPR for your company – I've been working as a GDPR consultant for about 10 clients since 2017.
Solve the problems you have not the problems you may have. If you are dealing with a specific industry or region, then your compliance needs should be obvious (EU - GDPR, Healthcare in US - HIPAA, etc). Of course, take all reasonable and appropriate precautions to secure and protect your customers' and users' data. As your business grows and evolves, you may find more compliance requirements but you probably don't need to deal with them until you hit those stages
GDPR is all you need at an early stage.
Target markets you have insights and don't care about the other. When you grow in your home market, you can pay employees or lawyers and then expand.