GDPR has been around for two years. We’re all GDPR compliant now, aren’t we? Not really. We’ve noticed that many companies are still struggling with certain misconceptions. This week, we’ll discuss three of these pitfalls. We’ll start with GDPR misconception 1: Data security = GDPR compliance.
Two years after the GDPR legislation came into force, the storm seems to have subsided. News outlets reported only the spectacular data leaks associated with well-known names, such as LinkedIn, Dropbox and Uber, which prompted other companies to tighten the screws on their internal data security.
Of course, this is important, but it also causes some to think that GDPR compliance only involves securing personal data. This is wrong. Securing personal data is just the bare minimum. GDPR is essentially meant to give EU citizens control over their personal data. Businesses should pay attention to respecting privacy and being transparent about how they process data.
Over the past two years, many companies prioritised the technical and organisational measures surrounding GDPR. Overall, we expect that GDPR compliance will be enforced more stringently from now on, not just by the Data Protection Authorities, but also by third parties who (understandably) don’t want to wait until their personal information ends up in the wrong hands through a data leak.
Companies should be able to inform people (consumers, employees, partners, etc.) about the personal data they process about them in a timely, clear and complete manner. Organisations should also make sure that they only store data for a specific purpose and don’t store data any longer than necessary.
In other words: companies can no longer hoard personal data and just ‘safely’ store it under lock and key. GDPR is more than just data security.