Many businesses and individuals are confused and concerned about the General Data Protection Regulation, which comes into force in a matter of weeks. These confusions and misconceptions are leading to a lot of false information being shared in networking groups all over the country. Today, we’re sharing a few of the most common myths to help you prepare and be fully compliant in time for May 25 2018.
Small Businesses Don’t Need to Worry, They Are Exempt
Don’t listen to this; it is false. All businesses, even the smallest ones with a couple of employees, must comply. There are no exclusions at all; size really isn’t important.
The GDPR Doesn’t Matter for Businesses Outside the EU
The GDPR applies to all the data of citizens inside the EU; it doesn’t matter where that data is being collected or stored. If you are outside the EU and you store any data of EU citizens, regardless of what it is or how much, the new regulation does apply to you.
All Personal Data is the Same
Not true. There are two types of data, private and sensitive. Private data includes the IP address, physical address, name and so on. Sensitive data includes sex, religion, medical information and education. Understand the type of data you collect and store, and check the GDPR to see if you’re using it correctly.
You Must Hire or Assign a Data Protection Officer
False. You don’t need to have a Data Protection Officer (DPO) unless you’re developing or launching a new product or a new data handling system. The DPO may then be required to assess the full impact of this brand-new system or product with a Data Protection Impact Assessment (DPIA). However, provided you have the abilities and resources to do this yourself, you don’t legally have to hire a DPO. There are certain situations where a DPO is required, regardless of whether a DPIA is necessary:
- You deal with sensitive personal data
- There are more than 250 employees in your organisation
- You’re a public authority
- You monitor the activities of multiple people on a very large scale, such as surveillance using CCTV.
Audits Will Be Everywhere!
Some people are assuming that audits will be kicking off everywhere as soon as the GDPR is implemented. The experts do not expect this to happen, but they do assume that some larger businesses will be targeted. In the long run, however, audits are most likely to tie in with data breaches.