Why You Shouldn’t Fear GDPR: Debunking Myths | Software Advisory Service

Only days after its implementation, GDPR is well on its way to causing mayhem and chaos all over the country. Are you still struggling to separate fact from fiction? Don’t worry, we have debunked 6 GDPR myths so that you don’t have to.

The Day of Reckoning Is Here

After months of wild speculation and misinterpretation, worries and panic, the GDPR was officially put into effect on Friday May 25th. And ever since, businesses and organisations of all sizes and types have been panicking about the future of their online marketing efforts.

In short, the new law can be seen as an attempt to give European individuals their rights and freedoms back. EU citizens will now be able to ask companies what personal data they have on them - and, of course, insist that it be deleted. Additionally, the stricter rules mean that businesses will have to explicitly ask for users’ consent before gathering data and potentially selling it to digital marketers. The basis of GDPR is actually surprisingly simple - it’s an attempt to rebalance the power between internet users and the organisations that are freely using our data to literally spam us into submission.

Failing to comply could result in fines of 20 million euros or 4% of the global revenue - whichever is bigger.

In a desperate attempt to get consent, many companies have sent their subscribers into what can only be described as GDPR fatigue - bombarding them with daily emails begging them to opt in again. Isn’t it ironic, a Twitter user commented last week, that GDPR has caused what’s probably the single biggest wave of spam ever?


The 20 Million Euro Elephant in the Room

One week in, GDPR has already caused a great deal of chaos worldwide. And not even the lawmakers themselves have been spared - it was recently reported (paywall) that the European Commission has broken its own privacy rules with a data leak after less than a week.

Despite this, it appears that GDPR stories are greatly exaggerated. And the biggest problem is that people are struggling to separate facts from fiction, history from myths.

As with anything else in life, it’s vital that you’re critical of where you get your information from. Many companies, acting on poor legal advice from self-proclaimed “GDPR Experts” they meet on LinkedIn, have already made terrible blunders or been forced to shut down their services to European audiences altogether, such as the Chinese smart lights app Yeelight.

Unfortunately, we live in a world where anyone with a Google Doc and an internet cable can label themselves a GDPR expert - whilst having zero legal knowledge. And the horror stories are already piling up: David Banks, an actual media consultant, explained to HuffPost that he had come across schools where the administration had been told they could no longer alert staff to students’ “potentially life-threatening allergies” due to GDPR.

These myths can be potentially dangerous. Alerting your staff to a student’s fatal allergy has absolutely nothing to do with GDPR.

I think it’s time we all sit down and debunk some of these GDPR myths once and for all.

Debunking Myths

Firstly, there appears to be a conceptual misunderstanding that GDPR is a set of rules that need to be followed. This is incorrect - more than anything, GDPR is a principle-based system which ensures that personal data is processed fairly, limited to what is seen as necessary, and collected for a specific purpose.

So, let’s debunk some of the GDPR myths that are currently circulating the internet.

Myth Number 1: “We are leaving the EU anyway, so GDPR will not be relevant for us”

Finally an upside to Brexit, eh?!

Well, unfortunately not.

In a nutshell, GDPR is here to protect the rights and freedoms of citizens of EU member states. This means that if you deal with any data belonging to an EU individual, you will need to comply with GDPR.

It’s not about your location - it’s about your customer’s.


Myth Number 2: “What’s the hurry, we don’t need to comply right away”

Recently, several experts wiped the dust off their crystal balls and predicted that there would be a smooth GDPR-honeymoon phase. In other words, they predicted a transition phase where both businesses and regulators could get used to the new laws - without an awful lot of prosecution going on.

By all means, this appears to be the case. Unfortunately, quite a few businesses took this as a “Get out of jail free”-card, and immediately decided to stall all efforts in becoming GDPR compliant. Why do today what you can postpone until tomorrow, right?!

Despite the honeymoon phase, we advise that you aim to comply as quickly as possible, especially since businesses like Facebook and Google have already been reported - within hours of the new legislation being in place.


Myth Number 3: “I’m a small enterprise, so GDPR doesn’t apply to me”

Yet another myth that needs debunking.

While there are indeed certain concessions to small businesses, GDPR still applies to all organisations, no matter the size, that are “engaged in economic activities” and process personal data.

In short, the applicability of GDPR depends on the nature of the processing being performed rather than the size of your organisation.


Myth Number 4: “I can only process personal data if I have direct consent from the individual”

Consent has indeed been tightened up under GDPR.

Luckily for you, consent is only one of six lawful ways for you to process data. Legally, you can contact individuals under six bases: (1) Consent, (2) Contract, (3) Legal Obligation, (4) Vital Interest, (5) Public Task, and (6) Legitimate Interest.

When preparing for GDPR, you need to understand why and how you store and process someone’s data - and to identify which legal basis applies to your business. This also leads us to our next myth in need of debunking:

Myth Number 5: “I won’t be able to email my clients anymore”

Rumour has it that you might as well wave your email account goodbye - you certainly won’t be able to email clients anymore.

This, however, is inaccurate. Under GDPR, you can still email clients - as long as you can prove a clear relationship, a genuine mutual interest, and expected and appropriate processing, and do so without infringing the rights and freedoms of the individual.

And it’s certainly not the end of the world. Yes, your database will be smaller after GDPR. But once contacts have opted in to receive communications, you can be sure that they are actually engaged with your brand.

So don’t wave your emails goodbye just yet!

Myth Number 6: “I will definitely face a 20 million euros fine if I break the rules”

Indeed, certain infringements will incur fines of up to 20 million euros or 4% of worldwide annual turnover. But this doesn’t mean that it will be the norm for every single infringement.

In reality, GDPR is not about making businesses go bankrupt - it’s about better rights for EU citizens and increased accountability.

Historically, fines are a last resort for the ICO. Between 2016-2017, only 16 out of 17,300 cases led to fines. Instead, businesses received warnings, reprimands, and corrective orders. While these can indeed damage your reputation, they certainly won’t put you out of business.

These are just a few of the many GDPR myths circulating the internet at the moment. In reality, no one really knows what the full implications will look like. But bear in mind that the rules are not here to make your life harder - they’re here to protect you.

GDPR builds on the foundations of the Data Protection Act, which has already been in place for nearly 20 years. And perhaps most importantly - GDPR will not be the end of digital marketing or customer communication. Rather, it will protect your clients and make sure you reach out to them with relevant communications.
