Demystifying the common GDPR Myths

Published on: 23 October 2018 Last Updated on: 15 November 2021

As one of the most common discussions around the internet today, data protection has seen huge changes in 2018. Indeed, the introduction of the European Union’ General Data Protection Regulation (GDPR) program is making companies finally face up to their corporate responsibilities. While this has been more than a long time coming, it has not been dealt with well for the most part in the recent decades.

This step from the EU is a merciful way to help make the regulation change as soon as possible. However, like all major regulatory changes, some half-truths and full-blown myths have emerged. What are some of the common tall tales told about GDPR that you need to look out for?

1. GDPR is just a mechanism to fine companies!

Absolute hogwash, to put it bluntly. GDPR is a mechanism to send data protection back to the people who the data actually is about, not the company. A company can be fined as much as £17m, or 4% of their annual turnover, by the GDPR. However, this isn’t some committee looking to pay for their holidays and Christmas party: this is here to stop citizens being ripped off any longer by companies.

2. GDPR fines are handed out without warning

We don’t know where these kinds of ideas come from, but it’s just not true in any capacity at all. fines in GDPR will be proportionate to the issue at hand: a small company with a GDPR breach will be fined a reasonable amount. Also, you are given two – almost three – warnings about GDPR compliance failure.

You won’t just find a team of armed guards in EU flags turning up, don’t worry!

3.GDPR came from nowhere

For years, GDPR was reported on and discussed at length. It was not a surprise. Companies were given the best part of a full calendar year to get their systems into spec before the May 2018 roll-out.

Companies that missed the GDPR call-out would simply have not been paying attention to data protection policy changes. This was not a surprise for anyone who followed the industry. If you were a business that did not see GDPR coming, then we recommend that you spend some more time looking at European law changes: this was not a surprise!

4. GDPR is constraining businesses

Again, not true – GDPR merely makes businesses take responsibility for the data that they have. GDPR is making it harder for consent to be presumed, and instead, it has to be clearly provided. The days of pre-ticked boxes for consent are gone. It’s also going to be much easier for people to withdraw their consent if they so choose.

This is not constraining businesses, it’s merely making a part of the web that was thoroughly amateur in its people protection a bit more stringent in the way that you think and acts like a business.

5. GDPR was not necessary

This is also quite untrue: GDPR was absolutely necessary. It’s simply putting in place a foundational program that reinforces key terms such as the Data Protection Act, and also makes companies more likely to care for the data they hold instead of using it recklessly.

This myth, that GDPR is not necessary and was just added in to add more ‘red tape’ is not the case at all. All of the data breach stories of the recent years would have been almost impossible under GDPR: in a bid to give people back power over their own data, GDPR was essential.

GDPR compliance is a fixed process

This has been around for some time and is not the case at all. While it may have rolled out in 2018, the EU is fully aware that getting ready for it will take some time and effort. While the two years to get ready was more than enough, with ICO regulation kicking in as of May ’18, there is going to be change to it as time goes on.

This is not like the Y2K bug; out of all the painful misconceptions about GDPR, this may be among the worst. You might not like the need to be more specific with data regulation, but GDPR is a good thing – the myths make it sound like the end of the world. All it is, in reality, is an end to lawlessness in data protection and regulation.

Final Take Away

Hence, these are some of the crucial facts that you have to take care of while you want to improve your business in the correct order at the correct point in time. Do not make your choices in grey while you want to develop your current business in the right direction.

Read Also:

Content Rally

Content Rally wrapped around an online publication where you can publish your own intellectuals. It is a publishing platform designed to make great stories by content creators. This is your era, your place to be online. So come forward share your views, thoughts and ideas via Content Rally.

View all posts

Five Tips to Make Sure Your Security Software Is Actually Secure

Security software is a must for any business. Your systems contain a lot of important company information, as well as the personal information of your employees and your customers. A security leak or a hacker can be devastating to your business. However, you shouldn’t make the mistake of thinking that just because you have security software that you don’t have anything to worry about. You have to know what to do, or what not to do, to make sure that software keeps you as secure as you think. You can also look for a network security company that will help secure your business. Choose the Right Software The first step is choosing the right software. You have to choose software that provides your business with the features you need, but you also have to choose a trusted name. You need to make sure that your planning begins by finding the correct network security company. Look for credibility, experience, and reputation in the field. Make sure that you are confident of their abilities. A SOAR vendor, which stands for security orchestration, automation, and response, is a good choice for many businesses. The right system can provide you with end-to-end security operations management, which means the program covers every security concern with thorough protection. Choosing an experienced, full-service vendor also means you always have access to a customer service associate who can answer your questions and make modifications to your program to ensure it works for your specific business. Check Your VPN Your virtual private network (VPN) is important because it guards your internet traffic. No one can gain access to the information on your network unless they are provided with direct access to the network. Even if a device is using an outside internet connection, with a VPN, not even the owner of that connection can access your information. That includes information about the security of your virtual systems. The problem is, just having a VPN isn’t enough. It could be leaking your IP address, giving hackers a way into your system. To make sure your VPN isn’t leaking: Turn off your VPN. Conduct a Google search for, "What is my IP address." Engage your VPN. Search Google for your IP address again. When you check your VPN these ways, you should see that the address is different. If it isn’t, you have a problem with your VPN. You can also use an exit server to check your VPN. When you check your IP address, it should match your address and the country you selected. Allow Authorized Cell Phone Use Only It’s normal for employees to access company platforms and information on the go. It’s so convenient that many employers encourage it. You can even access your desktop from a tablet or phone, which means you can continue working, even when you’re not in the office. Unfortunately, using other devices can compromise security. Apple devices are relatively secure, but Android devices are not. No matter what kind of device your employees have, they should be updated with the latest security software. This can be a difficult thing to police. If working at home is expected of employees, provide them with company devices that you have control over updating. Assign Authorized Users Carefully Not everyone should have access to your company’s personal information. Not all employees should have access to certain systems and programs either. They only need access to the information and systems that are relevant to their job description. Assign authorized users carefully to help prevent information leaks. Although most employees have pure intentions, they can still make mistakes with important company information. That includes accessing information from unsecured systems or accidentally sharing the information with someone else who shouldn’t have access to that information. It’s especially important when someone leaves the company. As part of the exit process, it’s important to unauthorize access to all company systems. Schedule Continuous Training Training and development are important to any business but don’t think your job is over as soon as the initial training is over. Security systems are changing all the time, as are the needs of your business. It is important to continually train your staff to ensure your systems are secure. It includes refresher training on basic security information, like proper password selection, as well as specific training on how to use the actual security program. Partnering with a quality provider enables you to use them as a resource when planning your trainings, and in some cases, they may even be able to provide you with training led by one of their associates. Don’t think that just because you have security software that your system is actually secure. There are a lot of things you can do to make sure your company’s information stays safe. Read Also: What Are The Things You Need To Know While Choosing Antivirus Software? Why DRM Is The New Standard For Document Security Top 10 Computer Security Mistakes

4 Ways To Address Privacy Concerns Around Customer Data

A single data breach can expose tens of millions of customers to spam, scams, identity theft, fraud, and more. It’s also a quick, easy way to destroy your brand reputation and lose a massive chunk of your customer base. In the worst-case scenario, you could end up paying millions of dollars in fines. If serious enough, your team members or executives could even face some jail time. But customer data still needs to be kept safe and private, even when the risks are far less grand in scale. Simply leaking your customers’ email addresses and exposing them to junk mail can erode their trust in you. To protect your customers and assuage any customer concerns, always handle their data with care. Here are a few important ways to protect data, limit the risks, and put your customers at ease. 1. Use Zero Party Data Perhaps the best way to put customers at ease about their data is to give them more control over what you know. Letting them decide what they share with you — and don’t — can protect their privacy and boost your brand reputation. Giving customers a chance to consent or opt out of sharing first-party data when they visit your site or app is a nice touch. But if you really want to put your customers in the data driver's seat, zero party data is the way to go. With zero-party data, your customers and prospects respond to surveys, polls, questionnaires, and more. These inputs can be used to personalize their experience, or anonymized and aggregated to help your brand make data-driven decisions. Either way, when customers provide this data, they usually expect some kind of user benefit. A personalized product recommendation, useful content, or a customized landing page are all ways to deliver that small reward. 2. Be Transparent Ideally, you should tell all of your customers exactly what you collect, what you use it for, and why. As long as you’re not up to anything nefarious (you aren’t, right?) transparency should be as simple as a brief pop-up disclaimer. In fact, transparency could help improve your credibility and customer trust in your brand. And that trust can in turn have a direct impact on your business growth and performance. It’s particularly important not to collect any extra bits of customer data you don’t need and they haven’t agreed to share. Gathering and storing extraneous data heightens the risk to your customers if there’s a breach. In some countries, regions, or industries, it could even be illegal. Besides all this, it can take up unnecessary room on servers, cloud storage, etc. To be on the safe side, always get permission from customers before collecting any kind of data. 3. Anonymize and Encrypt Some of the worst data breaches on record have also turned out to be some of the most ridiculous. Companies have accidentally leaked massive spreadsheets with customer names, addresses, passwords, and credit card data all linked together. But even anonymizing data doesn’t necessarily give customers any real protection or privacy. It’s all too easy to put two-and-two together and figure out someone’s identity. To ensure that data is truly safe, your company should always use the latest encryption methods and data protection protocols. Consult with experts about the best practices, software programs, and other tools to suit your company’s needs. Data security is not the place to cut corners, so be willing to dedicate a significant portion of your budget to protecting customers. Otherwise, you risk putting them in danger of identity theft, financial loss, reputational damage, and more. 4. Train Employees and Vet Vendors Customer data should be kept strictly confidential and only shared with employees and vendors on a need-to-know basis. Your employees need to understand how crucial it is to protect sensitive data and how exactly they need to do it. Before handling potentially sensitive data, employees should undergo appropriate screenings and training. Train them not to share details like passwords or door codes, and limit access to sensitive cabinets, rooms, or computers. Third-party vendors and contractors can be a potential cause of concern for data privacy. That’s why it’s important to carefully vet them, just as you would employees. The more you share data, the higher the risk of a breach or exposure along the way. If a vendor has access to your data, and its systems are compromised, your data could be leaked. Or, bad actors at the company you shared with could use the data in unsafe or inappropriate ways. Worst-Case Scenarios In the event that a data leak or cybersecurity event does occur, your company should have an emergency plan in place. Know what you’ll do in the event of a breach — how you’ll stop it from progressing and contain the damage. The plan should clearly indicate roles and responsibilities and include considerations for various scenarios. Many companies, universities, and government agencies have their plans publicly available online, as a resource. Whatever you do, never attempt to conceal a data breach from the media, your customers, or the public. You could end up facing fines, lawsuits, sanctions, jail time, and irrevocably brand-damaging press. Instead, own up to the breach immediately and let your customers know how you plan to handle it. In order to earn back their trust, you’ll have to prove you know how to do the right thing. Read Also: Data Security In The Cloud: Strategies For A Safe Migration Process Mining and Data Privacy – Key Points to Remember 5 Ways To Prevent Cyber Attacks

Should you Replace or Rekey Locks? — What Locksmith Richmond says

Should you Replace or Rekey Locks? Each home or business owner has different requirements for this question. Have you moved? What types of locks are installed? How old are the locks? Have they meet the security level you want to be installed in your home or office. These are all questions you should ask yourself before making a decision about making a new key or change your locking account completely. You usually want to rekey locks for your house or car because of burglary, theft or vandalism. You can also rekey your locks if you lose your keys if you feel that too many others have copies. Before you decide if you should re-key or replace your home or business locks, it's important to know what the lock-re-key is doing once. This is one of the most basic locksmith tasks, but it can be complicated by higher security locks. Lock the key again to lock the glasses so that each waffle takes place in a different order than before. This is done to keep the same lock and effectively change the keys. The cursor can use the new code lock on the glasses so that the old set of keys does not work with new glasses. If your door locks are a security class (ANSI) Grade 1 or higher, you should be able to re-enter these unlocked locks. If you can turn on the lock again, then you do not have to buy any additional hardware that makes it much costlier. Here are some other benefits. Preserves the look of the door (no color lines) Locks can be tensed with the same locks (convenience) Cheaper! If your locks are old and weak but fashionable, it can take a lot of time to completely replace the entire locking system. There are a couple of times that it is necessary to go over like: 1. If your lock is broken or other malicious haps: If some locks' assembly has spent so much that some locks or keys no longer catch, to ensure the safety it is time to take new locks. 2. Your locks are too old to find parts: If you have an antique locker and the parts are no longer able to be replaced or re-keyed in the glasses, it is the time to upgrade your existing locks to the new ones. The new locks at this age have a much better level of security as the safety procedures have been upgraded over the years. It's very difficult to find a locksmith that works with antique locks, and if you encode or repair a premium for a fee. 3. You require a higher level of security for your home or business: If you have locks installed so that a low-security rating should be in your to-do list, add them at least ANSI 1 level. These locks are harder to choose, drill, or otherwise manipulate. We recommend good lock known companies like Schlage and Kwikset, but there are many good locks on the market. Compare the performance charts of Consumer Reports when you are on the market. You can also ask your local locksmith, as which they install is never a bad choice. Now you know the benefit of rekeying vs. changing your locks and you made the decision to rekey them, then there are three options. Hire a local locksmith Richmond (if you are in Richmond) to come to your home again for rekeying to your locks. Remove the locks from the door frame by calling the local locksmith shop or local locksmith and reset them for you. DIY - There are many re-key kits, that can be purchased, provide basic guidelines to rekey the locks. If your locks fall into the category of lock change, there are about the same options, but then you have to first choose then opt new types of locks that you want to install. You can hire a handyman or a local locksmith to complete a professional lock change. It is often suggested to hire a professional that you will find from Vancouver, BC locksmith or other trusted source with a review like a swear to have hassle-free lock changing procedure. You can buy a lock-set online and make out the lock nodes yourself. Read Also: Dutch Locksmithing Company Reveals How To Get Best Prices Top 10 Effective Tips To Keep Your Home Safe

Demystifying the common GDPR Myths

1. GDPR is just a mechanism to fine companies!