The GDPR, which entered into effect last Friday, May 25, certainly represents a dramatic change in how we view personal information, privacy and data. The media did what they usually do well, and the resulting articles managed to scare both business owners and regular people. The GDPR panic also culminated this month and lead to the development of many outlandish theories and dangerous misconceptions. We’ll try to debunk them in the following paragraphs.
“It’s a bunch of EU bureaucracy”
Representatives of every EU member state were present and helped shape the law in the form of Trilogues, where representatives from the Council of Ministers were also present. The law should actually reduce the amount of bureaucracy in the long term, as the law will be harmonised across the EU, allowing for easier cross-border expansion.
“The GDPR is a cash grab”
The fines are exorbitant, no two ways about it – up to EUR 20 million or 4 % of the company’s global annual turnover – but they are there for a reason. So far, large companies who mishandled data got off with a slap on the wrist. This regulation will ensure this won’t be the case. They (will) take the regulations seriously this time.
The GDPR will entail certain expenses when it comes to implementation, but the overall reduction in paperwork and data breaches will more than pay off over time.
Will there be new agencies and “committees”?
Not exactly. The already existing agencies (e.g. the ICO in the UK and the Data Protection Commissioner in Ireland) will become the regulatory bodies for their respective countries. Certain additional expenses will likely occur, but only to enable the bodies to do their work properly.
“The GDPR is bad for business”
It depends on what you consider ‘good’. Companies should feel responsible for their customers’ data; by organizing and keeping the data secure, there is little to fear. These rules have been in place in some form for decades, and now it’s a matter of refining and, of course, applying them in practice for once.
“The GDPR is an annoyance for users”
It might be, but it is only because now you, as a user, can clearly see what your data is being used for. Too much text? Well, that’s the point – your data has been used for purposes unimaginable to most.
As it turns out, dozens of consent e-mails sent in panic before May 25 were also in some cases unnecessary, adding to confusion.
“I will have to register everywhere”
Just the opposite – companies will be warier of how much data they store and why. In the future, you’ll be much more likely to access certain services anonymously than this is the case today.
“It’s a step closer to mass surveillance”
This is a dangerous myth, since the GDPR should actually help citizens avoid all forms of surveillance. Under the GDPR, you have the right to be noticed whenever someone collects your personal data, and you can ask them to delete it in some circumstances.
Besides, most countries prescribe a mandatory notice in case of CCTV surveillance, with the sign visible before you enter the area being monitored.
Will kids be forced offline?
Not exactly. There have been fears, but in the end, what we will get is a much safer environment for children. Parental consent will be required in cases when children under 16 try to access certain online services, giving parents more oversight of what their children are doing online.
“I won’t be able to call my friends”
The GDPR does not apply to processing of personal data by natural persons for non-commercial household or personal activities. This includes e-mails, social networking or other processing of contacts.
“Companies are leaving en masse“
Even though there have been reports of companies leaving the EU or blocking EU customers, the fact is simple: the market is too large to ignore and even non-EU companies will comply with the new law.
Not only that; the GDPR should create a knock-on effect which should benefit even non-EU consumers as companies realise applying GDPR equally to everyone is in most cases the most effective option.
“I will have to ask for consent to reply to e-mails”
This is untrue both whether you’re dealing with personal or business e-mails. When you get an e-mail, you have every right to answer the query. What you cannot do is “cold e-mail” anyone without their consent, or without another lawful basis.
“It only protects the rich”
The GDPR gives equal protections to all individuals, no matter their income or wealth. Besides, data subject access requests are in most cases free. It is also easy to appeal to the supervisory authority – free via e-mail, or at a cost of a postage stamp.
The rich are also more likely to be a media target. The GDPR places journalism in high esteem and allows for exemptions when data is processed in such cases, so it is difficult, if not impossible, to hide behind the GDPR in a bid to censor the press.
“It will hurt the freedom of the press”
The GDPR allows for exemptions relating to journalistic, academic, artistic and or literary expression in order to nurture the right to freedom of expression. This means that GDPR simply cannot be used as an excuse to try to censor the media (both print and digital).
No prayers without consent?
Some churches fear they won’t be able to hold prayers for their members without their consent. This is false. However, priests should refrain from telling churchgoers that a certain person is ill without their consent.
“Charities will go bankrupt”
Nothing in the GDPR forbids you from giving your consent to charities or other organisations so that they can remind you whenever it’s time to donate. They just won’t be able to contact individuals indiscriminately.