As you probably know, all of Europe has recently gone GDPR mad, though not necessarily for all of the right reasons. The General Data Protection Regulation came into force on the 25th of May, 2018, and was created to give everyday citizens more power and control over how their personal data is used by companies, big and small, across Europe and, indeed, the globe. As beneficial as GDPR is for businesses and everyday individuals, it is still a fairly complex regulation that some people are not entirely familiar with. Others believe they know everything there is to know about GDPR, when in reality they’re very much mistaken. Because it is so complex, and because it’s so new, there’s a lot of misinformation out there regarding GDPR that needs clearing up. For that reason, if you read one article about GDPR, read this one, as we guide you through a series of myths and misconceptions about the General Data Protection Regulation.
B2B isn’t affected by GDPR
One of the most common myths associated with GDPR is that B2B (Business to Business) organizations are not affected by the new regulation that was recently rolled out. This is simply not the case. If your company stores one piece of data about just one person located in the EU, whether it be their name, email address, phone number, or anything else, GDPR will apply to you. Just because you happen to be a B2B organization, don’t assume that GDPR doesn’t apply, because, as mentioned, it could!
Once employee data is taken care of that’s it
Another common GDPR misconception is that once an organization’s employee data is taken care of, assuming the organization doesn’t deal with the outside public, that’s pretty much it. Well, not exactly. Your business will almost certainly hold contact info for other individuals, whether they be suppliers, advisors, or anyone else. If you have their info, that too needs to be taken care of.
GDPR is just about security
Although it’s true that one of the main reasons GDPR was introduced was to help ensure that the personal info of everyday individuals was made safer and more secure, this is by no means the only reason. Another of the main reasons for the introduction of GDPR was to give everyday people back a level of control and power. Before GDPR, under the previous Data Protection Act in the UK, if a person contacted a business to request a copy of the personal details it held about them, that person would have to pay £10. How unfair is that? £10 to get back your own personal data. Thanks to GDPR, however, it is now completely free. GDPR does indeed focus on security, but primarily it was introduced as a means of tipping the scales of power back into everyday individuals’ favour once more.
GDPR is just about avoiding heavy fines
If a business is found not to be GDPR compliant, it faces the possibility of a hefty fine. It could, for example, face fines of up to 20 million Euros, or 4% of its annual global turnover. Neither of these options sounds appealing, but becoming GDPR compliant shouldn’t simply be about avoiding heavy fines. GDPR tightens up security measures, which in turn reduces the likelihood of a data breach. This builds trust with your customers, and trust strengthens relationships and helps ensure that your customers remain loyal to you and to your brand. GDPR, therefore, isn’t just about avoiding a fine; it’s about establishing trust and strengthening your brand.
Every personal data breach will have to be reported to the ICO
GDPR has a lot of people panicking and being overly cautious, especially when it comes to the possibility of a data breach. In the unlikely event of a data breach, however, one common myth is that every single one will have to be reported to the ICO. This isn’t the case. If a data breach does occur, reporting it is indeed mandatory, but only where it is likely to result in a risk to individuals’ rights and freedoms. If the breach is unlikely to risk their rights and freedoms, it won’t necessarily need to be reported.
You will definitely be fined if you are found to be in breach
As mentioned, potential fines can be up to 20 million Euros, or 4% of your business’s annual turnover, but that doesn’t mean that’s what you will have to pay if you’re found to be in breach. Fines are proportionate to the scale of the business in question. Say, for example, your turnover is around £20,000 annually; you won’t suddenly be hit with a 4 million Euro fine if you’re found to be in breach. In fact, if you report a breach, are open and honest, and can show that you have taken the necessary steps to rectify the issue and prevent it happening again, a fine can be avoided altogether. According to the UK Information Commissioner, Elizabeth Denham, the best way to avoid a fine is to ‘tell it all, tell it fast, and tell the truth’.
If you want to learn more about GDPR, check out our handy infographic below.
Niall Bennet is the community manager at Online-Shopping.ie. He has a background in web design and marketing and works day to day on improving user experience and website functionality. When not working, Niall enjoys rugby and swimming.