Dispelling GDPR Myths
The General Data Protection Regulations are coming around quickly and the 25th of May will be here before we know it. Despite all the information available regarding GDPR, the majority of UK businesses are still unsure how it applies to their business. Here we dispel a few of the common myths.
#1 With Brexit we won’t need to comply
FALSE
The GDPR was passed in April 2016, so whilst some may think Brexit has an impact on this, in reality it does not. This legislation will still apply to UK companies dealing with the EU, regardless of whether the UK remains in the union.
44% of IT professionals in a recent poll indicated they were unaware or only vaguely aware of the new rules and are taking a "let's wait and see" approach. However, any business that offers services to EU citizens, irrespective of whether they are in the union or hold any data in the EU, will have to comply with GDPR.
#2 GDPR is just about cybersecurity
FALSE
Whilst cybersecurity is an important element to consider as part of GDPR, the regulation is about so much more. A key aspect is personal data: what data is held, and how it is used, collected, stored and accessed. Businesses need to closely assess how data flows across their business and what the GDPR requires to ensure they are fully compliant.
#3 A third party manages our IT infrastructure, so we’re not responsible
FALSE
According to new GDPR rules, both controllers and processors are equally liable for any data breaches and need to demonstrate compliance through detailed processing of records.
There are implications for cloud service providers too if they are storing EU customer data. This can be addressed by adopting a comprehensive content management system that can assist with managing and controlling information, processes and policies.
#4 Holding documents electronically means I’m compliant
FALSE
Just storing this information electronically does not equal compliance. Businesses need to adopt robust processes that provide full transparency and the ability to react quickly to any customer requests, which will need to be dealt with in a timely fashion. Solid processes coupled with a detailed document management system are steps in the right direction, but do not rely on data being stored in Excel spreadsheets and disparate databases, as you will be exposed.
#5 Printed material does not apply in GDPR
FALSE
GDPR affects all documents, printed and electronic, if they contain personally identifiable information. There must be processes in place to keep track of all this data to ensure it remains secure and can be accessed and retrieved easily, as well as removed if required.
The GDPR is something that no company, large or small, can ignore. If done correctly, it can be a catalyst to drive real positive change across a business, enabling it to reap a range of benefits and become more efficient, more responsible, more productive and more profitable.