GDPR came into effect in May 2018, and yet there’s still quite a bit of confusion around the proper requirements for GDPR compliance.
Multiple articles and blogs have been written and shared about what GDPR means for a business. However, not everything you have read about GDPR is true. In fact, there are quite a few popular GDPR myths out there.
With these GDPR myths floating about, we risk losing sight of what the legislation is really about.
GDPR came about because the EU basically wanted large internet companies to stop misusing the huge amount of consumer data that they had collected. It sets out exactly how businesses should collect and store personal data.
GDPR is basically about companies being more transparent, and consumers having more control over their personal data.
If a business isn’t GDPR compliant, they can be fined up to tens of millions of pounds, depending on the severity of the violation. It’s serious stuff.
Even if you feel like you’ve got it sussed, you might have been misled by some of the GDPR myths that are out there.
Feeling a bit overwhelmed? Don’t sweat it. To help you understand what’s actually true about GDPR, here are the 4 most common GDPR myths that you might have seen.
1. “GDPR only applies to companies based in the EU”
Wrong! If a company provides goods or services to anyone in the EU, it doesn’t matter where the business is based.
Still don’t think you need to be GDPR compliant? Well, guess what? Your website or your mobile app is a service, and IP addresses are considered personal data. So, unless you block anyone from the EU from using your website and you don’t collect any personal information at all, you still need to comply.
GDPR is in place to regulate the gathering and processing of personal data, regardless of where it takes place.
2. “GDPR doesn’t apply to small businesses”
A lot of people think that GDPR only applies if a business has more than 250 employees. Wrong again.
Any company – big or small – will have to comply with the GDPR regulations. If they don’t, they’ll potentially face a pretty hefty fine.
The truth is that small businesses struggle a bit more with GDPR compliance. Small businesses process just as much information as some bigger companies, but they simply don’t have the time or the resources to be fully compliant.
This is one of the GDPR myths that there’s a little bit of truth to, though. There are some slightly relaxed rules for smaller companies, but they only really apply if a business only occasionally processes personal data.
In general, even if you do qualify for some of the exemptions, you’ll still have to comply with pretty much every other aspect of GDPR. Better to be safe than sorry!
3. “Brexit means we won’t have to worry about GDPR”
Untrue. GDPR will still apply after Brexit. The UK’s exit from the EU won’t make a difference to GDPR.
This is because GDPR is already part of British law, and the government have no plans to reverse it.
The government have said that the UK will implement their own GDPR equivalent post-Brexit – this is now known as the Data Protection Act 2018. So, nothing will change for your business as far as GDPR goes.
4. “GDPR is the death of email marketing!”
GDPR didn’t kill email.
True, it does require changes to how you build your email list, and many businesses’ lists will have significantly shrunk after GDPR. However, it’s not a massive loss.
If you think about it, these email addresses were either inactive or they just belonged to people who simply didn’t want to hear from you. Today, it’s much more effective to target your email campaigns towards the needs of your subscribers who genuinely want to engage with your brand.
Learn to organically build your email list and nurture your leads in the right way, and you’ll not only comply with GDPR, but you’ll have a stronger list of subscribers, too.
What I’m trying to say is, GDPR is actually an opportunity for your business. Make the most of it with your marketing strategy!
GDPR is about transparency
It’s not about the certificate on the wall – it’s how you treat your customers. They want to know that their personal information will be handled with care and respect. That’s the key.