  • 10 GDPR myths

    Since its introduction in 2018, the General Data Protection Regulation (GDPR) has gained significant attention. It has become one of the main topics of debate concerning privacy protection. Many myths and misconceptions have arisen around GDPR. Here are ten of them that are worth debunking!

    GDPR only applies to large companies.

    False! GDPR applies to any organization or individual who processes personal data of European Union residents, regardless of the company size or type of activity.

    Breaches of GDPR always result in massive fines.

    While significant fines are possible for non-compliance with GDPR, in reality, regulatory authorities aim to first educate and assist companies in adhering to the regulations.

    Personal data is just a name and surname.

    Wrong! Personal data encompasses any information that can be attributed to a specific individual. This includes an email address, phone number, location, or data related to online activity.

    Consent is always needed to process data.

    Not always. There are various legal grounds for data processing, including performance of a contract or the legitimate interest of the data controller.

    Data can be stored indefinitely.

    False. According to GDPR, personal data should only be stored for as long as necessary for the purposes for which it was collected.

    GDPR only applies to companies based in the EU.

    It applies to any company that offers goods or services to EU residents, regardless of its location.

    GDPR prohibits the storage of backup copies of data.

    This is not true. Backup copies are essential for data security, but they must be adequately protected and stored in compliance with GDPR principles.

    If a company uses a third-party service to process data, it’s not responsible for any breaches.

    Wrong assumption. The company that outsources data processing still bears responsibility for its security.

    GDPR only concerns electronic data.

    Not only. GDPR pertains to data processed in both electronic and paper form.

    Every GDPR breach must be reported to the relevant authorities.

    Not all. Reporting is only required in cases of breaches that might lead to a “high risk to the rights and freedoms of natural persons.”

    In conclusion, GDPR introduced many significant changes in the field of personal data protection. To comply with regulations appropriately, it’s essential to distinguish facts from the myths circulating around this regulation.