skip to main content

True or False: A close up on GDPR

by David Turnbull : Improve

True or False: A close up on GDPR

The General Data Protection Regulation (GDPR) will become the global benchmark on privacy that few organisations will escape from. With businesses trying to prepare in time for the May 2018 deadline and so many different claims floating around the GDPR, finding the facts amongst the fiction is sometimes difficult to entangle.

Below some of the most common misconceptions surrounding GDPR are addressed.

1. I am an organisation operating outside of the EU - the GDPR does not apply to me. FALSE

The GDPR affects every organisation that handles EU resident data, regardless of where this is processed. Whilst Brexit has sparked confusion for UK based organisations over whether the regulation will apply once Britain has left Europe, this does not affect the fact that most UK organisations are processing EU personal data in some shape or form.

In fact, such is the scale of GDPR, very few organisations will be able to escape the compliance requirements – both the UK and US need to prepare just as much as any other European country.

2. Non-compliance will always result in a 4% of annual turnover fine. FALSE

No organisation can guarantee 100% compliance by May 2018 as we cannot know what GDPR compliance looks like in its full entirety until the deadline. This is something that will only clearly take shape after May 2018.

The penalties have been made deliberately steep in order for businesses to take the GDPR seriously and push the regulation to the top of the business agenda. However, if your customer data is compromised or you suffer a breach, much of the GDPR requirements are demonstrative: you will need to prove to regulators and legislators that you have taken every reasonable step to protect your customer's data and that you are working on a compliance programme.

3. Organisations can rely on governments and regulators to support and implement the changes. FALSE

The GDPR is the individual responsibility of every organisation. Whilst many countries have supervisory authorities in place to oversee the use of personal data, an organisation will need to get to grips with its own data to prove to these government-appointed bodies that they have a compliance programme in place. These bodies have the power to inspect, enforce and penalise organisations whose processing of personal data does not match up to the requirements of the GDPR.

Being prepared is key, so make sure you take GDPR action now, if you have not done so already.

4. The GDPR affects the entire workforce within my organisation. TRUE

Creating a GDPR aware workforce, through educating every department on the correct means of data processing and protection is key- as this will be an ongoing process that will become a part of the DNA of your organisation.

The GDPR operates on a huge scale and so this will not only affect IT teams but every department from Sales & Marketing - who will need to gather data according to specific requirements for use in email campaigns and lead generation, to HR and Events who will have to ensure their data is deleted and maintained to uphold the privacy of the individual.


In an information age, the GDPR will affect almost every organisation worldwide in some shape or form and every department within that business. Preparing for May 2018 should be at the top of every business agenda to avoid those debilitating fines and ensure your workforce is aware of the 'dos' and 'do nots' of transacting data.

Make sure you start preparing today. Find out more about the Deltascheme approach.