Why are there even myths to bust?
Long answer short, people talk. Anything that is popular ends up being a long game of Chinese Whispers, for example, “blind as a bat” or your loo flushes in the opposite direction in the Southern Hemisphere. My point is, false information is easily spread, so i'm here to clear that up.
GDPR completely changes the way organisations need to handle their data.
GDPR is not a completely new set of EU data protection rules, it has been formed by a collection of pre-existing rules, primarily based on the Data Protection Directive. These rules have been around since 1995, so GDPR aims to make sure it fits the new digital age.
GDPR will stifle European innovation in the field of artificial intelligence (AI)
The protection of personal data and sensitive personal information is a fundamental right in the E.U. As such it applies to processing of personal data through artificial intelligence and robotics. However, when the data used for AI are anonymised, then the requirements for GDPR do not apply. GDPR has been developed and designed to be technologically neutral and provides the framework for the development of an AI respective of individuals.
Landlords cannot put the names of tenants of the doorbell
The GDPR does not require names to be removed from doorbells or mailboxes. Consent is only one of the legal basis on which data can be processed under the GDPR. Another legal basis applicable in this case is “legitimate interest” as people need to know who lives in the flat in order to contact the person at hand or just to deliver mail. If names on doorbells are addressed in the rental contract, the contract as such is another potential legal basis.
GDPR is overwhelming for small businesses
The obligations set out are not the same for all companies and organisations. The GDPR is not meant to overburden small businesses, the obligations are calibrated to the size of the business and/or the nature of the data being processed. For small businesses, processing less data which is not sensitive (such as political views, gender) then there will be fewer obligations to follow.
For example small organisations will not have to submit data protection impact assessments or appoint data protection officers.
GDPR makes journalism harder
The new data protection legislation takes journalism into account and provides them a sense of “freedom”. This means journalists are still able to do their work and protect their sources. EU member states shall, when necessary, provide for exemptions or derogation to the press in their national laws.
It doesn't affect other companies like Facebook as they are based in the US.
Non EU companies operating in the EU have to comply with GDPR too, no matter where they are based and where their data processing activities are occurring, all companies will be subject to the same sanctions if they break the rules. This creates a level playing field for both EU and non-EU companies.
GDPR does not give us more control of our information, companies simply ask for consent once and then do what they wish with my data.
Companies will have to ask for consent again if they wish to use your data for a second purpose (or sent to a third party) which was not originally stated. The GDPR states that personal data cannot be used without consent of the person concerned. Where your consent has been requested to process your data, you can, at any point in time, ask the organisation to stop processing it and withdraw your consent. THey must do so if they have not relied on any other legal grounds for processing your data.
GDPR Hinders political campaigning
Political parties can process data for campaigns, but only for reasons which sit within the public's interest and provided that appropriate safeguards are established.
The fines under GDPR can kill a business
Breaking the rules does not automatically mean you will be fined €20 million. The GDPR establishes a range of penalties for those who break the rules, although there are fines, there are other corrective measures such as warnings, reprimands and orders to comply with data subject’s requests. The data protection supervisory authorities decision to impose fines must be proportionate and based on an assessment of the circumstances of the individual case. If they decide to impose a fine, the €20 million or 4% of annual turnover is the MAXIMUM amount. The amount of the fine greatly depends on the circumstances of the individual case, including the gravity of the infringement or if the infringement was intentional or negligent.
GDPR WILL RUIN CHRISTMAS
GDPR does not prevent children from writing to Santa. It's accurate to say that GDPR rules are designed to protect your personal details being used without your permission. So all in all, it's up to the parents to decide whether their kids can share their wishlist or not.
I hope I have cleared some of the myths about GDPR that have been floating around the internet. I will be soon writing a guide on how to make your website GDPR compliant so make sure to subscribe to our newsletter to keep updated with all blogs.
PS. Whenever you are ready, here's how to grow your construction business...
1. Join our Facebook Group which built completely for businesses within the construction industry. Real people, real support. - Now also available on LinkedIn.
2. Keep up to date with Construction Insider Providing you with industry insight, tips & tricks and much more to make sure you are ahead of your competitors!
3. When you are ready, Become a Saint Financial Group client, and we will provide you with the highest quality solutions to effectively scale your construction business. Book your meeting here!