The General Data Protection Regulation (GDPR) came into force in May 2018, and by the letter of the law, virtually every business in the UK needs to comply with it. However, there are still some misconceptions surrounding the law and what it means to organizations. This can lead to difficult situations where mistakes can be made.

Here are six myths about the GDPR that some individuals and business still believe are the truth.

Myth: The large fines are just a threat

The GDPR made headlines for a long time back early in 2018 before the regulations came into force. During this time, much was made of the extremely heavy fines that could be placed in businesses that failed to comply with the regulations. These were reported to be up to €20 million or 4 percent of global turnover, whichever figure is greater.

These numbers are obviously enormous, and some companies still believe that these account for nothing more than a threat which couldn’t be carried out. However, it is important to remember that large companies have faced enormous data protection fines in the past. For example, in 2016 WhatsApp was issued with a penalty of €10,000 for each day that they failed to comply with Dutch data laws.

This was before the GDPR came into force, but since the instigation of laws, there has been an extremely heavily penalty issued against Google for the company’s failure to comply with the rules. Indeed, France’s data protection agency, CNIL, fined the tech giant €50 million. It seems Google was not complying with a key part of the regulations and had failed to provide information to their customers about how their data was being used. The discrepancy between the €10,000 per day and the €50 million is enormous, and it shows (Read more...)