There’s been loads of scaremongering and misinformation in the press in recent months. Here, GDPR-MK sets out to provide some clarity about GDPR so that businesses know exactly what they need to do to get GDPR-ready:
Myth 1 – The ICO are just trying to make money out of businesses
This isn’t the case. Although there have been large fines for certain companies who have breached the guidelines (read about this airline), the ICO’s objective is for people to become compliant, not to fine people. If a breach occurs and you’ve dealt with it properly, and the ICO can see that you’ve taken reasonable measures to be compliant, then they are likely to issue you with a notice rather than a 20 million euro fine. So the lesson here is to make sure you are compliant and have all your procedures and policies in place.
Myth 2 – If we’re BREXITING does GDPR still apply?
Yes it does. This particular piece of legislation will stand once the full Brexit process starts.
Things you should know:
GDPR will replace the current Data Protection Act 1998. GDPR will remain in place post-Brexit, but there are likely to be some local changes. It’s best to keep in touch with the ICO to see how this develops.
Myth 3 – GDPR only applies to personal email addresses.
This is the area of greatest conflict and misunderstanding. Let’s be clear:
- Personal email addresses, such as firstname.lastname@example.org, fall within the GDPR.
- Email addresses that are NOT identifiable to an individual, such as email@example.com, do NOT fall within the GDPR guidelines. So you can continue marketing to these email addresses without receiving double opt-in.
- In our opinion, business email addresses such as firstname.lastname@example.org do fall within GDPR guidelines. If you carry out email marketing to people on your database with such addresses, you need to ensure you can demonstrate double opt-in for these contacts. You can still engage with these people via email if it is for legitimate business purposes, such as processing orders and dealing with projects and queries. However, these people should only appear on your marketing lists if you can demonstrate double opt-in.
To find out more about how you can make sure your business is GDPR compliant, take a look at GDPR-MK’s one hour FREE information session here.