Before you rely on anything, it pays to know the common misconceptions about it first. Here are the ones about the GDPR (General Data Protection Regulation).
Beware of promises that GDPR is "covered"
An IT provider may promise that GDPR is covered because they follow a set of security practices, such as an ISO27K certification, but that does not cover the work GDPR requires. A security certification addresses how data is protected; GDPR also governs whether and how personal data may be collected, used, retained and shared in the first place.
Consent must be obtained before personal data can be used
GDPR is praised for giving people control over their data. That is true, but obtaining consent is not always required. GDPR sets out several lawful bases for processing personal data, and consent is only one of them. Companies must know when consent is essential and when it is not.
All businesses must appoint a data protection officer (DPO)
Appointing a DPO is not always required. The European Commission has listed the cases in which an organization must designate a DPO. Outside those cases, it is still advisable for an organization to assign people other than a DPO to be accountable for GDPR compliance.
Appointing a DPO is just a formality
GDPR requires a data protection officer with demonstrable expert knowledge of privacy as well as data security. Simply appointing someone is not sufficient: the DPO must also be well-versed in the company's specific data-handling procedures.
If a company encrypts its data, it is GDPR compliant
It is a misconception that encrypting data alone fulfils every GDPR requirement. Encryption should be treated as the minimum baseline, so additional measures are needed. Companies must provide further protections for personal data and delete whatever data is no longer used.
Data is kept in the cloud, so responsibility for its security lies with the cloud provider or the security provider
GDPR does not attach to the company that merely stores the data; it applies to the company that processes the data, including one that uses a third-party provider to store the data as part of its processing.