7 popular myths about GDPR
GDPR has been in effect since 2018, yet it is still steeped in misconceptions. Let’s look at some of the ubiquitous myths associated with the European General Data Protection Regulation and debunk them.
GDPR only applies to European companies.
GDPR affects any company that collects and processes personal data of EU citizens, regardless of where it is based. No matter whether you are located inside or outside the European Union – if you work with European citizens, you have to be GDPR-compliant.
We don’t work with European customers and don’t have any offices in the EU, so GDPR doesn’t apply to us.
The idea behind the GDPR is to protect EU citizens wherever they live, work or even travel. In fact, GDPR requirements apply not only to customers but also to employees or even job candidates whose personal data you process. Moreover, a single European citizen in your marketing database means you have to ensure GDPR compliance.
Ensuring data protection is an IT security administrator’s problem.
Whenever people hear of data protection, they immediately conclude that it is something the IT department should deal with. However, ensuring GDPR compliance is a company-wide issue that spans all business units – from IT and Legal to Marketing and the Board of Directors – and ultimately it is the CEO who is held accountable. We believe GDPR is going to revolutionize the way companies handle data and will affect every unit and every employee in the company, encouraging everyone to treat personal data with respect.
We have complex cybersecurity and encryption mechanisms and won’t have any data leaks. GDPR is not our issue.
Data security is, of course, very important, but GDPR is much more than that. It is about respecting personal data and storing and processing it only when you have to, and only with the person's consent.
Our employees understand how to handle personal data.
Most breaches happen accidentally. When employees are given proper training, the risk decreases significantly, but it is still there. Therefore, it is extremely important to set up rigorous processes for storing, transferring and erasing data.
We are only a small company, so we won’t be caught or fined under the GDPR.
It is a popular misconception that only bigger companies will be targeted, as they process larger amounts of data. In fact, many Data Protection Authorities have explicitly expressed the intention to target companies based not on their size or reputation, but on the severity of the offence. Any company processing personal data without sufficient safeguards is likely to end up in trouble, regardless of its size. A complaint from a customer or an employee may be another trigger for DPAs to get involved, and this is something that can happen to any business.
Software ensuring GDPR compliance is too expensive to install and too complicated to use. It’s not worth it.
GDPR is indeed a complex and comprehensive document. However, ensuring compliance doesn’t have to be difficult. At Actonic, we have developed a convenient, flexible and customizable solution that will help you ensure full GDPR compliance in Jira and Confluence. It is a unique, user-friendly, all-in-one tool that will cover all your needs. Start your free trial now and see how it works.
For more information on GDPR compliance, check out the other articles in this series:
- 4 easy questions to check if you are fully GDPR compliant
- Be GDPR compliant, Part 1: everything you need to know about getting consent in Jira and Confluence
- Be GDPR compliant, Part 2: ensure the right to erasure, find and anonymize PII in Jira
- New model of calculating GDPR fines is to increase possible penalties