Continuing our series of short guides to help you navigate GDPR, today we explore what myths have sprung up about GDPR, and what the truth really is.
GDPR GUIDE 2: MYTH BUSTING
GDPR will become irrelevant to British businesses once the UK leaves the European Union.
The truth is that GDPR will apply to businesses that deal with customers within the EU, so even when Brexit happens, the same regulatory burden will apply.
Responsibility lies with cloud and security providers – not the business.
This is actually one of the reasons the GDPR was developed, to accommodate new technologies that may currently allow organisations to circumvent the requirements. GDPR focuses on organisations that PROCESS data, not just those that store it. Any business that processes data will be impacted, regardless of whether or not it stores the data.
Powerful countries can get access to data in other countries
Any business in any country that processes the data of EU citizens has to be compliant. Governments are simply not allowed to operate freely outside of their own jurisdiction, and penalties would apply to any organisations that try to circumvent the regulation.
Our business encrypts its data, so we are compliant with security regulations
Encryption alone is not sufficient. It should be regarded as the minimum standard, with alternative mechanisms also being considered. These can include two-factor authentication and key management strategies to safely and securely store users’ data, or deleting data that is no longer needed.