Things to consider for GDPR compliance and misconceptions

The European Union designed the GDPR, the latest in its series of parliamentary measures, to put the highest levels of security and protection around personal data. The EU data protection act is enforceable from May 2018.

The EU GDPR declares that the protection of natural persons in relation to the processing of personal data is a fundamental right. The European Union has always put the customer's point of view first. In turn, the regulation was based on transborder flows of personal data and privacy protection.

Through the Safe Harbor agreement, EU member states and the US signed a deal, resulting in the requirement for GDPR principles. The GDPR is a comprehensive law backed by unparalleled steep fines, which could cripple a business that violates its policies: up to 4 percent of a company's total revenue.

No matter where the data travels, GDPR compliance provides security protection for EU citizens' data. The GDPR operates on two kinds of activity: data collection and data processing. These are the basic engine on which most businesses run. The regulation strives to protect data and to give the consumer overall control of what happens to it.

GDPR compliance gives the consumer various ways to control, monitor, check and, if required, delete the data. Pseudonymization, anonymization, and encryption are the tools promoted by the GDPR. Anonymization removes identifying information so that the data can never be tied back to the user. Pseudonymization lies between identified data and anonymous data: the data is separated and stripped of direct identifiers, but it can still be put back together. For example, the system assigns a user one identifier for location and another for the browser, and these can only be tied back to the user when they are put together with the user's date of birth, which is kept separately. This separation rule promotes pseudonymization over anonymization.
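The separation described above, as an added example that is not part of the original article: each data set gets its own keyed identifier, and the records can only be rejoined by someone who holds the separately stored key and the date of birth. The field names, the sample records and the choice of HMAC-SHA256 as the tokenization method are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; every name and value here is made up.
USERS = [
    {"email": "alice@example.com", "dob": "1990-04-12", "location": "Berlin", "browser": "Firefox"},
    {"email": "bob@example.com", "dob": "1985-11-30", "location": "Lyon", "browser": "Chrome"},
]

def token(key: bytes, purpose: str, email: str, dob: str) -> str:
    """Keyed pseudonym: not recomputable without the key and the date of birth."""
    msg = f"{purpose}|{email}|{dob}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def pseudonymize(users, key):
    """Split records into two data sets, each with a different identifier per user."""
    locations = [{"id": token(key, "location", u["email"], u["dob"]),
                  "location": u["location"]} for u in users]
    browsers = [{"id": token(key, "browser", u["email"], u["dob"]),
                 "browser": u["browser"]} for u in users]
    return locations, browsers

def reidentify(email, dob, key, locations, browsers):
    """Rejoin the data sets; needs the separately kept key and date of birth."""
    loc_id = token(key, "location", email, dob)
    br_id = token(key, "browser", email, dob)
    loc = next((r["location"] for r in locations if r["id"] == loc_id), None)
    br = next((r["browser"] for r in browsers if r["id"] == br_id), None)
    return {"email": email, "location": loc, "browser": br}

def anonymize(users):
    """Anonymization: identifiers are dropped, so no rejoin is possible."""
    return [{"location": u["location"], "browser": u["browser"]} for u in users]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: held in a store apart from the data
    locations, browsers = pseudonymize(USERS, key)
    print(locations[0]["id"] != browsers[0]["id"])  # the two sets do not share an id
    print(reidentify("alice@example.com", "1990-04-12", key, locations, browsers))
    print(anonymize(USERS))
```

In small data sets a rare location or browser value can still single out a person, so dropping the identifier columns alone does not always achieve anonymization.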

Misconceptions about EU GDPR

Misconception 1

Small businesses can be exempted.

There is no exclusion for small businesses under GDPR. It is neutral about the firm’s size and clear about its data privacy regulation.


Misconception 2

Companies which are not in the European Union cannot be sued under GDPR.

It applies to an EU citizen's data irrespective of the citizen's location.


Misconception 3

The company is unaffected if it is outside the US and does not have a relationship with EU countries.

No. The EU data protection law applies to a citizen's data wherever that citizen resides.


Misconception 4

GDPR entirely relates to data that has been provided by users.

Nope. It applies to all the data generated, collected or related to a user, whether it is provided by them or not.
