Building a business? 4 data protection questions you have to ask