1. "My business only trades B2B - GDPR does not affect us"

    FALSE - Any personal data which is processed by a company from employee data to email addresses for marketing contacts, is subject to the new regulations.

  2. "We are a UK company and the GDPR won't apply to us after Brexit"

    FALSE - When the GDPR regulation comes into force on the 25th May, the UK will still be an EU member state, and even after Brexit, if your company processes any information about EU residents, it is highly likely that GDPR will still apply.

  3. "We already comply with the Data Protection Act - we don't have to do anything"

    FALSE - The GDPR is one of the biggest overhauls to data protection we have ever seen. It is designed to modernise the laws to be more relevant to our modern technological world. If you comply with the DPA, then you are half way to GDPR compliance. For more information on the differences please see our blog https://bit.ly/2HsQWCq

  4. "GDPR is all about fines!"

    FALSE - It is not the objective of GDPR to hand out excessive fines, but to protect the privacy and security of individuals. GDPR is about putting data protection first, rather than as an afterthought.

  5. "Under GDPR, to process personal data, you must have consent"

    FALSE - It is true that GDPR is raising the bar for the standard of consent, but it is not the only legal basis on which you can rely for data processing. See our blog; https://bit.ly/2JvfiIr for further information on the legal bases for processing.