6 GDPR myths businesses should be wary of

May 15, 2018

6 GDPR myths businesses should be wary of

With just two weeks to go until GDPR comes into effect, your organisation should be well on the way to becoming fully compliant. This includes a full audit of all the data you hold (and why), securing the support of staff in adhering to the new legislation and beginning to look at improved software and practices you can employ to better safeguard against cyber threats.

The above three steps only really scratch the surface of what GDPR entails. The regulation has a broad range of expectations, much of which is misunderstood by business leaders I speak to. Below are the seven most common GDPR myths I’ve come across in my conversations:

  1. The UK is leaving the EU, therefore GDPR won’t apply in a year’s time’

While the legislation was agreed in Brussels, GDPR will still apply to UK companies regardless of the UK leaving the European Union.

  1. ‘Personal data that is already in our database isn’t subject to GDPR’

All data that your business holds, irrespective of whether it’s been acquired before or after the May 25th deadline, is subject to GDPR compliance rules. This is why you’ll have been receiving so many opt-in/opt-out emails recently.

  1. ‘Good encryption software is all you need to be compliant’

Effective encryption services – such as those which Galaxkey offer – are essential but it’s really only the first step. GDPR requires so much more of businesses; such as documentation on why people’s data is being collected, descriptions of all information held and how long the business is keeping it for.

  1. ‘Our data is stored with a cloud service provider so GDPR is their responsibility’

Both the cloud service provider and your business have a responsibility to ensure your customer data is protected and GDPR compliant.

  1. ‘We are US based, so GDPR does not apply’

GDPR’s reach is as wide as its measures are broad. All businesses that handle personal data of EU citizens in any capacity are subject to the compliance measures.

  1. ‘GDPR is an unnecessary and punitive measure against organisations’

GDPR is data protection evolving to meet modern requirements by building on laws and foundations that already exist, such as the UK Data Protection Act 1998. The regulation is not about fines and punishing businesses but instead about putting the consumer and their security first.

GDPR Ready

The far-reaching and thorough nature of the GDPR legislation has caused some business to stick their heads in the sand, hoping that the May 25th deadline will come and go without many repercussions. This strategy could prove very costly, €20 million or 4% of global annual turnover-type costly.

Making sure your business isn’t in danger of falling foul of one of the above seven myths is the first step towards modernising your data security practices and protecting your consumers. Galaxkey offers a range of products and services to help you do so – you’re welcome to connect with me or visit our website if you’d like to hear more.