Demystifying the common GDPR Myths
As one of the most common discussions around the internet today, data protection has seen huge changes in 2018. Indeed, the introduction of the European Union’ General Data Protection Regulation (GDPR) program is making companies finally face up to their corporate responsibilities. While this has been more than a long time coming, it has not been dealt with well for the most part in the recent decades.
This step from the EU is a merciful way to help make the regulation change as soon as possible. However, like all major regulatory changes, some half-truths and full-blown myths have emerged. What are some of the common tall tales told about GDPR that you need to look out for?
GDPR is just a mechanism to fine companies!
Absolute hogwash, to put it bluntly. GDPR is a mechanism to send data protection back to the people who the data actually is about, not the company. A company can be fined as much as £17m, or 4% of their annual turnover, by the GDPR. However, this isn’t some committee looking to pay for their holidays and Christmas party: this is here to stop citizens being ripped off any longer by companies.
GDPR fines are handed out without warning:
We don’t know where these kinds of ideas come from, but it’s just not true in any capacity at all. fines in GDPR will be proportionate to the issue at hand: a small company with a GDPR breach will be fined a reasonable amount. Also, you are given two – almost three – warnings about GDPR compliance failure.
You won’t just find a team of armed guards in EU flags turning up, don’t worry!
GDPR came from nowhere:
For years, GDPR was reported on and discussed at length. It was not a surprise. Companies were given the best part of a full calendar year to get their systems into spec before the May 2018 roll-out.
Companies that missed the GDPR call-out would simply have not been paying attention to data protection policy changes. This was not a surprise for anyone who followed the industry. If you were a business that did not see GDPR coming, then we recommend that you spend some more time looking at European law changes: this was not a surprise!
GDPR is constraining businesses:
Again, not true – GDPR merely makes businesses take responsibility for the data that they have. GDPR is making it harder for consent to be presumed, and instead, it has to be clearly provided. The days of pre-ticked boxes for consent are gone. It’s also going to be much easier for people to withdraw their consent if they so choose.
This is not constraining businesses, it’s merely making a part of the web that was thoroughly amateur in its people protection a bit more stringent in the way that you think and acts like a business.
GDPR was not necessary:
This is also quite untrue: GDPR was absolutely necessary. It’s simply putting in place a foundational program that reinforces key terms such as the Data Protection Act, and also makes companies more likely to care for the data they hold instead of using it recklessly.
This myth, that GDPR is not necessary and was just added in to add more ‘red tape’ is not the case at all. All of the data breach stories of the recent years would have been almost impossible under GDPR: in a bid to give people back power over their own data, GDPR was essential.
GDPR compliance is a fixed process:
This has been around for some time, and is not the case at all. While it may have rolled out in 2018, the EU is fully aware that getting ready for it will take some time and effort. While the two years to get ready was more than enough, with ICO regulation kicking in as of May ’18, there is going to be changed to it as time goes on.
This is not like the Y2K bug; out of all the painful misconceptions about GDPR, this may be among the worst. You might not like the need to be more specific with data regulation, but GDPR is a good thing – the myths make it sound like the end of the world. All it is, in reality, is an end to lawlessness in data protection and regulation.