Top 5 GDPR myths


By now we have all heard about the GDPR and the fines it can bring, and about how it gives people more privacy and safety online.

But is everything that is said about the GDPR true? Or is some of it not quite what it seems?

In this article we bring you the top 5 GDPR myths we have come across.

Number 1: Only Europeans have to comply with the GDPR

This is one of the biggest GDPR myths, and it leaves many people genuinely unsure whether they have to comply.

The truth is that the GDPR applies to any organization, anywhere in the world, that processes the personal data of people in the EU, whether by offering them goods or services or by monitoring their behaviour (Art 3(2)). What matters is where the data subjects are, not their citizenship.

Whether your company is in the US or in Asia, if you handle the personal data of people in the EU you must comply with the GDPR.

To avoid the risk of fines, some US newspapers simply blocked EU visitors from their websites instead.

Number 2: All organizations need a DPO

A DPO (Data Protection Officer) is an important role in a large organization, but not every organization needs one.

Under Art 37, a DPO must be appointed if your organization is a public authority, if its core activities involve regular and systematic monitoring of individuals on a large scale, or if it processes special-category (sensitive) data or criminal-conviction data on a large scale.

If your company is smaller and does not process this kind of data, you should still take care with the personal data you hold, but appointing a DPO is not mandatory.

(A DPO is a Data Protection Officer; a DPA is a Data Protection Authority, the national supervisory authority that enforces the GDPR.)

Number 3: The GDPR's biggest threat to companies is massive fines

The GDPR is not about fines; it is about protecting people's personal data, online and in the real world.

It is true that Art 83 provides for fines of up to €10 million or 2% of worldwide annual turnover for lower-tier infringements, and up to €20 million or 4% for the most serious ones (whichever is higher), but that is not the focus of the law.

Fines exist to enforce the law and make sure more companies respect it, comply with it and do not mistreat users' data.

Large companies such as Google and Facebook have drawn the highest fines so far. One caveat: the €4.34 billion fine against Google that is often mentioned in this context was imposed by the European Commission in 2018 under competition law (the Android case), not under the GDPR.

Number 4: All personal data breaches need to be reported to the supervisory authority

Under the GDPR a personal data breach must be reported to the supervisory authority, without undue delay and where feasible within 72 hours of becoming aware of it, but only if it is likely to result in a risk to people's rights and freedoms (Art 33). If the breach is unlikely to pose such a risk, you do not need to notify the authority. Two caveats: you must still document every breach internally, including the facts, its effects and the remedial action taken, so the authority can verify your decision (Art 33(5)); and if the breach is likely to result in a high risk, you must also inform the affected individuals (Art 34).

Number 5: When relying on consent to process personal data, consent must be explicit.

Consent must be "unambiguous", not "explicit" (Art 4(11)): a freely given, specific, informed and unambiguous indication of the person's wishes, given by a statement or by a clear affirmative action. An ordinary opt-in, such as ticking an unticked box, is enough; silence, pre-ticked boxes or inactivity are not (Recital 32). Explicit consent is required only in specific cases, most notably the processing of special categories of (sensitive) personal data (Art 9(2)(a)), as well as solely automated decision-making with legal or similarly significant effects (Art 22(2)(c)) and certain international transfers (Art 49(1)(a)).