10 GDPR myths debunked

Don’t be fooled. GDPR implementation is a complex undertaking and being unprepared could have significant and expensive repercussions.


On May 25, 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) takes effect in all EU member states. GDPR is a new regulation through which the European Commission intends to strengthen and unify data protection for individuals whose data is processed by organizations within the EU, and for the data of EU residents wherever in the world it is processed.


In short, every company that does business in the EU must conform to GDPR standards. Many companies, particularly in the EU, are already well on their way to compliance. Others are only beginning to consider the consequences of GDPR; they face months of hurried effort to align with its requirements.

While GDPR has been widely publicized and discussed, myths abound.

Myth 1: GDPR is like Y2K

Some firms are tackling GDPR with the same hysteria that surrounded the Y2K millennium bug, treating it as a single project with a defined end date. But GDPR is not a “point in time” activity; it imposes ongoing obligations. Conversely, many firms believe that Y2K was overblown and that GDPR will be too. Compliance with GDPR should nevertheless be the default position for any legitimate firm.

Myth 2: No one will get fined

Some think the risk of heavy fines is exaggerated. But targeted enforcement is likely, and authorities may go after high-profile companies or companies with particularly egregious data processing faults. Assuming that no one will get fined is a high-impact risk in itself.
