
Common GDPR compliance misconceptions

No matter how big your business is, you will have heard of GDPR. The EU General Data Protection Regulation was one of the biggest shake-ups in data protection in recent years, and whilst there has been plenty of information published about GDPR, there still seem to be some misconceptions about what it is and how it works.

To help you understand more about this all-important aspect of running a modern business, we have put together our guide to some of the most common GDPR compliance misconceptions and where they might have come from.

You need to email every single person individually

Consent is an important part of GDPR, and many business owners have asked whether it needs to be sought from every contact on a one-to-one basis. The answer depends on which lawful basis you are relying on. Consent is only one of the lawful bases for processing personal data; where another basis applies (for example, processing that is necessary to fulfil a contract with the customer), you do not need to ask for consent at all. Where you do rely on consent, it has to be a clear, affirmative action by each individual: pre-ticked boxes, silence or simply not replying to an email cannot be counted as a yes, and must be treated as a no. Consent that was collected before GDPR came into force, and that already meets that standard, remains valid, so you do not need to re-contact every person on your database just to collect it again.

Consent is individual to each person, but emailing every single contact to ask for their own personalised consent is rarely a manageable approach for a business. The point is to rely on consent that was properly given in the first place, and never to treat silence as agreement.

GDPR protects EU citizens, wherever they are

Whilst GDPR is an EU regulation, its scope is not about citizenship. It protects people who are in the EU, whatever their nationality, and it applies to organisations in two ways. Any organisation established in the EU must apply GDPR to all of the personal data it processes, wherever the people on its database happen to live. An organisation outside the EU must also comply if it offers goods or services to people in the EU or monitors their behaviour. So if you are based in the EU, GDPR applies to everyone on your database, not only to those who are themselves within the EU; and being based outside the EU does not put you out of scope if you deal with people inside it.

GDPR came out of nowhere

It is no secret that GDPR was a huge shake-up, but that doesn't mean it came out of nowhere. In fact, many of the principles found within the regulation are much the same as those in the data protection law it replaced, the 1995 Data Protection Directive. There is still a core concept of protecting personal data, of ensuring that personal data is processed lawfully, fairly and transparently, and of collecting no more of it than is needed for the stated purpose (data minimisation).

GDPR is not something you should ignore, and it is important to understand what it is and why it was put in place. Whilst it may have been a source of headaches for many businesses, GDPR is there to protect the individuals whose data is held and, in turn, the businesses that hold it: protected from legal disputes and from the large fines that can follow a failure to act within the regulation.