

Henry Cazalet of The SMS Works discusses some of the most common misconceptions around the upcoming GDPR.

As GDPR frenzy hits fever pitch, the UK Information Commissioner’s Office (ICO) is keen to quash some of the more outlandish myths that have been swirling around.

As Elizabeth Denham, UK information commissioner, put it: “I want to set the record straight. Because I know that most organisations want to get GDPR right when it comes into force.”

Myth 1: The biggest threat to organisations from GDPR is massive fines
Fact: This law is not about fines. It’s about putting the consumer and citizen first.

It’s certainly true that under GDPR, the ICO will have the power to fine companies up to £17m or 4pc of turnover. But it’s scaremongering to suggest that they will be making early examples of organisations for minor infringements, or that maximum fines will become the norm.

The ICO is committed to guiding, advising and educating organisations about how to comply with the law under the GDPR. The ICO has always preferred the carrot to the stick.

Myth 2: You must have consent if you want to process personal data
Fact: The GDPR is raising the bar to a higher standard for consent. The new rules clarify that pre-ticked opt-in boxes are not indications of valid consent.

Consent needs to be explained in clear and plain language, and organisations need to make sure that their existing consent meets the standards of GDPR, or it will need to be refreshed. The GDPR is also explicit that you’ve got to make it easy for people to exercise their right to withdraw consent.

For processing to be lawful under GDPR, you need to identify a lawful basis before you start. Consent is one way to comply with the GDPR, but it’s not the only way. The new law provides five other ways of processing data that may be more appropriate than consent.

Myth 3: GDPR is an unnecessary burden on organisations
Fact: The new regulations do demand more of organisations in terms of accountability for their use of personal data, and they enhance the existing rights of individuals. GDPR is simply building on foundations already in place for the last 20 years.

Many of the fundamentals remain the same and have been known about for a long time – fairness, transparency, accuracy, security, minimisation and respect for the rights of the individual whose data you want to process. If your organisation is complying with the terms of the Data Protection Act, and has an effective data governance programme in place, then you are already well on the way to being ready for GDPR.

Myth 4: All personal data breaches will need to be reported to the ICO
Fact: It will be mandatory to report a personal data breach under the GDPR, but only if it’s likely to result in a risk to people’s rights and freedoms.
