Here are 7 myths about the GDPR (General Data Protection Regulation), also known as the 'new Data Protection Act'. We hope this is of some help:
1) It only applies to computers. No, it applies to all records containing personal data, including those stored on scraps of paper and written in quill pen.
2) You can buy a piece of software that will make you compliant. No! It is more about you knowing how you hold and process data and how you have other people hold and process your data. In other words, it is about you having policies.
For instance,
- How long do you retain a client’s information after they become an ex-client?
- How do you ensure that data is fully deleted if a client requests it?
- How do you gather data together if a client requests a portable, electronic copy of the data you hold on them? (They are entitled to this.)
- and many more.
3) It will cease to apply after we leave the EU. Wrong! We are committed to upholding the GDPR after we leave.
4) It only applies to large companies. Wrong! It applies to all companies.
5) It only applies to the ‘owner’ of the data. No! This regulation applies to data processors as well.
6) You can continue to direct market to your potential customers. Do you have their informed permission? Was it given within a reasonable time?
7) If your company holds Cyber Essentials Plus certification you are covered. No! Read all the above again.
Here are the promised truths.
Yes, the top fine is €20M or 4% of global annual turnover, whichever is greater!
Yes, you do have to report all data breaches within 72 hours.
We are running a masterclass on Wednesday 22nd November. This will help you sort out the fact from the fiction.
See you at the masterclass to get it all sorted.
John