The General Data Privacy Regulation (GDPR) passed in the European Union (EU) in May of 2018 and is one of the most popular topics of discussion among businesses that may or may not conduct business on an international level. Time and time again, however, businesses and even media publications have stated that GDPR isn’t important to them, simply because they’re either “not affected” or “not governed” by these regulations. Many hold the perception that GDPR only applies to those in the EU, or those that manage business directly in the EU. There is a misconception that the GDPR does not apply to businesses that do not offer goods or services to EU consumers, or process personal EU data. However, in all these scenarios, the GDPR rules and regulations still apply.
Here are three of the most common misconceptions about GDPR and businesses.
1. My organization does not process EU personal data.
One of the first misconceptions about GDPR results from an organization’s belief that they do not process personal data from the European Union. However, many people do not understand the full scope of the GDPR definition of personal data.
GDPR defines personal data as “anything that can directly or indirectly identify a natural person,” which almost all companies store in one way or another. This covers any identifier, such as a name or identification number, location data, or an online identifier such as an IP address.
Additionally, many fail to realize the definition of processing as defined by the GDPR actually applies to any set of operations performed around data. This includes collecting information on customers and any recording, alteration, retrieval, consultation, use, erasure or destruction of this information. Combine the far reach of modern technology and the number of people living abroad,...