No matter what industry you work in, GDPR (the General Data Protection Regulation) should be top of mind right now. It’s certainly big news in the business press at the moment. Yet despite the constant coverage there still seems to be a lot of confusion surrounding GDPR. This article aims to put common misconceptions straight and help you protect your business from potentially hefty fines.
Misconception #1 – It only affects companies based in the EU
Although GDPR is an EU law, it doesn’t just affect EU-based companies. It affects any company that stores or uses information relating to any EU citizen, regardless of where the company is based. It’s the first data protection law with global reach.
Therefore, if your customer is based in an EU country, or you hold any personal data (the definition of which has been expanded – see our free eBook for more info) of any EU citizen, it will affect you and your business. The fact that the UK is in the process of leaving the EU has no impact on our need to comply with this law.
The only way you don’t need to comply is if you can prove beyond doubt that you do not hold or use any information about any citizens of any EU country.
Misconception #2 – It only affects big companies
The size of the company is irrelevant – it affects everyone. Larger companies will of course be more visible to the regulating authorities, but a smaller company is just as much at risk of a data breach as a larger one. GDPR therefore applies to all companies worldwide that process the personal data of European Union (EU) citizens.
Misconception #3 – It will only affect my marketing department
You are correct that it will have a major impact on your marketing department (mainly due to the changes in gaining consent and the use of personal data – see our free eBook), but it will affect your whole business, not just your marketing.
All departments that access, store and utilise personal information will be affected and should be aware of the GDPR implications in their role. At the very least, all staff should undergo training on best practices for the safe storage and use of data, on identifying a data breach and notifying the right person within the company, and on how your company’s systems and processes will be affected and updated to comply.
Misconception #4 – It won’t be enforced anyway so I don’t need to worry about it
In the UK, compliance with the new regulations will be monitored and enforced by the ICO (Information Commissioner’s Office), and the fines for non-compliance and data breaches are massive – up to €20 million or 4% of group annual global turnover, whichever is greater. Is it really worth taking that risk? A fine at that level could quite easily destroy even a large business.
Misconception #5 – It doesn’t come in until next May so we don’t need to think about it yet
This is a huge overhaul of the way in which data is obtained, recorded, stored and used. It will likely affect your entire business, and all of your internal processes will at least need documenting and checking for compliance, if not updating. Leaving this to the last minute really isn’t a good idea, especially considering the huge fines that are possible.