
Bust a Myth - GDPR

Posted by Suzannah Hale on Mar 13, 2018 9:55:23 AM


As children, we’re told all sorts of stories like “eating carrots will help you see in the dark”. We believed these myths, and while they did no harm, we all know they’re not true. But myths continue to follow us around, and it’s sometimes hard to know what to believe - especially on topics we’re not well versed in. GDPR is probably one of these areas, and there are plenty of myths flying around. So how do you know what to believe? Here are a few of the most common myths surrounding GDPR:

Myth: If I don’t comply, I’ll only get a fine

Status: myth busted

Yes, if you don’t comply with the new laws you will face fines of up to 4% of your revenue or a maximum of £17 million. These kinds of fines should be rare in the UK, but it’s best not to risk it! There are other sanctions to watch out for as well. The ICO (Information Commissioner’s Office) will also be using warnings, reprimands and corrective orders. And while these may not hit your wallet, they’ll certainly tarnish your reputation with customers and the general public.

Myth: ‘Consent’ is the only way to process data

Status: myth busted

The GDPR’s strict rules explaining exactly how companies can obtain explicit consent for collecting and processing customer data have caused a fair amount of head-scratching. The legislation describes the different types of consent with words such as “informed,” “explicit” and “unambiguous”, which is enough to make anyone confused.

For processing under GDPR rules, organisations need to be able to identify that they are processing data based on one of these six legal grounds (which have been identified by the UK’s data authority, the ICO):

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

Myth: GDPR is a Europe-only issue

Status: myth busted

I’ve heard so many people commenting ‘well we’re leaving the EU so it won’t apply to us!’ But this is painfully far from the truth. When GDPR is introduced in May 2018, the UK will still be part of the EU, so we, along with every other country, will have to comply. Read more about this here.

Myth: GDPR is limited to personally identifiable information

Status: myth busted

GDPR doesn't only restrict the collection of sensitive data relating to individuals. Personal data under GDPR also covers IP addresses and cookie tracking.

Myth: GDPR isn’t introduced until May 2018, so I don’t have to think about it yet.

Status: myth busted

Benjamin Franklin supposedly once said, “If you fail to plan, you plan to fail.” This applies to the introduction of GDPR. There may be a number of things that’ll need to change in your business before the introduction of the legislation so that you comply. If you leave it too late, as with anything, you won’t have time to update your processes and educate your staff. But, on the bright side, it’s not too late! By reading these myths about GDPR you’ve taken the first step and can continue to prepare your business for the changing data protection rules.

Final thoughts

Myths are harmful, especially in business. If you believe myths before checking the real facts, especially around GDPR and the upcoming changes to the way businesses collect and process data, your business could face serious consequences. The myths listed above are only a few; it’s important to get on top of GDPR before May 2018.

 
