When a piece of legislation like the GDPR comes along, it generates a huge amount of noise, which can create a lot of confusion. Not everyone has the time or inclination to read the official ICO documentation or, indeed, the Regulation itself, which can mean that the truth becomes a little clouded. At Exonar, we’re trusted by organisations to put them on the path to GDPR compliance by putting data management at the heart of their strategy. Through the course of our work we’ve come across a few myths, so this short blog is here to bust them:
1) You Have Until 2018 To Be Compliant
In March 2016 the ICO issued guidance on what organisations should be doing to get ready, so if you’ve not already considered how the GDPR will affect your business, you’re actually behind. If you’re writing contracts today that will be in force during 2018, then those contracts must reflect GDPR legislation. This includes the treatment of data on European individuals and making sure the relevant processes are in place should they wish to see their data, or request that it be deleted.
2) You Don’t Need to Worry About GDPR If You Only Hold Data on Customers
GDPR applies to information held on any European individual. If you hold information on employees, prospects, contacts at suppliers, shareholders or customers, GDPR applies to you too.
3) It Doesn’t Apply to Companies Based Outside of the EU
What matters for the GDPR is the data that you hold – not the location of your organisation or data stores. Even if your company is located outside of the EU, if you’re holding data on European individuals, the GDPR still applies.
4) If Your Databases Are Secure, You Don’t Need to Worry
The big question here is: how do you know for certain that your data is secure? We regularly find that organisations have terabytes of unknown “hidden” data across their networks in the form of decommissioned servers, emailed spreadsheets, development databases and other unexpected places (you can find greater detail on unknown data in our whitepaper). Unless you can provide proof that you have conducted a detailed audit of the data that you hold on individuals, we would be very wary of assuming compliance. The unknown data in your business could be what causes you to come unstuck.
5) GDPR Only Applies to Corporates, and Only to Data Controllers
GDPR applies to any organisation with more than 250 employees and places responsibility on both Data Controllers and Data Processors.
New legislation can feel overwhelming, and it can be tempting to leave it in the hands of the legal team. We believe, however, that our combination of straightforward advice and a software platform that reduces the cost and time associated with data management puts you in control of the GDPR compliance process and gives you confidence that you’ll get it right first time.
To find out more about how Exonar could help you, get in touch.