There are a number of concerns, and some misinformation, around the subject of GDPR. Here we try to address a few of them.
“My business only trades B2B – GDPR does not affect us”
FALSE – Any personal data processed by a company, from employee data to email addresses for marketing contacts, is subject to the new regulations.
“We are a UK company and the GDPR won’t apply to us after Brexit”
FALSE – When the GDPR comes into force on the 25th May, the UK will still be an EU member state. Even after Brexit, if your company processes any information about EU residents, it is highly likely that GDPR will still apply.
“We already comply with the Data Protection Act – we don’t have to do anything”
FALSE – The GDPR is one of the biggest overhauls to data protection we have ever seen. It is designed to modernise the laws to be more relevant to our modern technological world. If you comply with the DPA, then you are halfway to GDPR compliance. For more information on the differences, please see our blog: GDPR vs The Data Protection Act.
“GDPR is all about fines!”
FALSE – It is not the objective of GDPR to hand out excessive fines, but to protect the privacy and security of individuals. GDPR is about putting data protection first, rather than as an afterthought.
“Under GDPR, to process personal data, you must have consent”
FALSE – It is true that GDPR is raising the bar for the standard of consent, but consent is not the only legal basis on which you can rely for data processing. For further information on the legal bases for processing, see our blog: GDPR – What You Need to Know about the Lawful Bases for Processing?