GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 



      • Recent Topics

      • Subform Disabled Fields Should Remain Disabled on Edit/View

        Currently, when we disable a subform field using on user input or on add new row, it works perfectly during the initial data entry. However, when the record is saved and reopened for viewing or editing, these disabled fields become editable again. This

      • AI generated meeting notes associated to Account or Deal

        As our organization works to improve efficiency we are looking for a solution to leverage AI to generate meeting notes and then add those notes to a CRM record such as an Account or Deal. I see Zoho has a Notebook AI offering that talks about the ability

      • How do I see the total leads during a certain period?

        I understand I can get the count of leads and potentials but the total number of leads in a certain period should be equal to Leads+potentials because when we convert a lead it gets moved to potentials and no longer exists there. is there a way i could

      • How do you print a refund check to customer?

        Maybe this is a dumb question, but how does anyone print a refund check to a customer? We cant find anywhere to either just print a check and pick a customer, or where to do so from a credit note.

      • Enable Screen Recording in Zoho WorkDrive Mobile Apps (Android & iOS)

        Hi Zoho WorkDrive Team, How are you? We are enthusiastic Zoho One users and rely heavily on Zoho WorkDrive for internal collaboration and content sharing. The screen-recording feature in the WorkDrive web app (similar to Loom) is extremely useful- however,

      • Scheduling a meeting for just a 1:1 phone call

        My business is B2C and many of my customer's don't want to engage in an online meeting for what can be handled in a regular phone call. I am trying to create a new meeting invitation, but there is no venue optoin for "phone call". How are other's handling

      • What is Resolution Time in Business Hours

        HI, What is the formula used to find the total time spent by an agent on a particular ticket? How is Resolution Time in Business Hours calculated in Zohodesk? As we need to find out the time spent on the ticket's solution by an agent we seek your assistance

      • Send Whatsapp message from Whatsapp template with custom variables

        Hi, I'm trying to do some basic integration for sending WhatsApp messages from Zoho CRM using Zoho Desk whatsapp templates. When creating new whatsapp template in Zoho Desk we can choose ticket related fields as variables but it's not clear how to use

      • Good news! Calendar in Zoho CRM gets a face lift

        Dear Customers, We are delighted to unveil the revamped calendar UI in Zoho CRM. With a complete visual overhaul aligned with CRM for Everyone, the calendar now offers a more intuitive and flexible scheduling experience. What’s new? Distinguish activities

      • Empowered Custom Views: Cross-Module Criteria Now Supported in Zoho CRM

        Hello everyone, We’re excited to introduce cross-module criteria support in custom views! Custom views provide personalized perspectives on your data and that you can save for future use. You can share these views with all users or specific individuals

      • Change Currency symbol

        I would like to change the way our currency displays when printed on quotes, invoices and purchase orders. Currently, we have Australian Dollars AUD as our Home Currency. The only two symbol choices available for this currency are "AU $" or "AUD". I would

      • File Field Validation

        Hello all, We are tracking our customer NDA agreements in our CRM and have created 2 fields to do so, an execution date field and a file upload field. I want to create a validation rule to ensure that when the execution date field is populated that the

      • Hide "Section" headers when using a form as a subform in "List view"

        When using a form as a subform and setting the "View Type" to "List View" it is not possible to hide the section headers. This can become an issue if I have a section which is not applicable to this subform and I hide the fields within that section and

      • Super Admin Logging in as another User

        How can a Super Admin login as another user. For example, I have a sales rep that is having issues with their Accounts and I want to view their Zoho Account with out having to do a GTM and sharing screens. Moderation Update (8th Aug 2025): We are working

      • Users Name & Email in Reports

        Hi, I would like to show the Users Name from their Zoho Acount in All Entries/Reports as well as the current Account Email. Thanks Dan

      • Add additional field to quick search results

        IN the advanced search, we can add any field to the columns. In the regular search results (before you press enter, there is no option to modify the results. It would be super useful to include a custom field where it currently displays the pipleine

      • Books API Receiving an Error that Doesn't Make Sense when Creating Credit Note - trying to use 'ignore_auto_number_generation' argument

        Hello, I'm working on a newly created routine and I'm getting an error that doesn't make sense when trying to create a new Credit Note. Here is my POST request. Endpoint: https://www.zohoapis.com/books/v3/creditnotes?organization_id=########## Body:     {

      • Bug Report and Suggestions for Improvement in Zoho Applications

        Hi Zoho Team, I’d like to report a few bugs and improvement suggestions I’ve noticed while using Zoho products: Zoho Cliq Video Call: The camera sometimes turns off automatically during video calls. This seems to be a bug — please check and fix it. Zoho

      • Audio/video quality issues with Zoho Meeting – Any roadmap for improvement?

        Hi Zoho Team, We’ve been using Zoho Meeting for both internal and external meetings, and unfortunately, the experience has been consistently poor. The video and audio quality are so unreliable that it often renders meetings ineffective—especially with

      • Need Help: Updating Related Records via Subform Entries in Zoho Creator

        Hi everyone, I’m trying to set up a workflow in Zoho Creator where each row in a subform updates related records in another form automatically. Here’s the situation: My main form (e.g., “Receipts”) contains a subform where each row selects a related record

      • Zoho Desk - Community - Customer Portal - Description Field UX Improvement

        Hi Zoho Desk Team, As a prolific user of Zoho Cares Community, I find it very frustrating that I cannot increase the size of the Description box (this one which I am typing this message). Many apps with multi line text fields have a small handle in the

      • Add the same FROM email to multiple department

        Hi, We have several agents who work with multiple departments and we'd like to be able to select their names on the FROM field (sender), but apparently it's not possible to add a FROM address to multiple departments. Is there any way around this? Thanks.

      • Can I change the format of the buttons in the email templates?

        Hi all! We have been working hard trying to brand our email templates, and have some way to go yet. One of the things we can't seem to edit is the green ${Cases.CUSTOMER_PORTAL_BUTTON} button and the font of the View Ticket text. Is there any way of doing

      • Introducing parent-child ticketing in Zoho Desk [Early access]

        Hello Zoho Desk users! We have introduced the parent-child ticketing system to help customer service teams ensure efficient resolution of issues involving multiple, related tickets. You can now combine repetitive and interconnected tickets into parent-child

      • I NEED MORE CUSTOM FIELDS!!!

        Why can I only have 60 custom fields!  It's not enough.  I want another 100 extra custom fields to do what's necessary for my business!  I'm sure I can't be the only one with this problem!!! How hard would it be to fix this?  Just fix it for me please at least!

      • Call transcrition working for ringcentral?

        I don't see anything about what telephony providers can be used. The Zoho support person A said that RingCentral isn't supported. Zoho support person B said that it works, just make sure the call recording link works. Excellent instructions here: Call

      • Zoho Analytics - Feature Request For Time Based Data Source Fetch

        Hi Analytics Team, I have a client using Zoho CRM and they want a weekly report at 4:30pm every Friday, emailed to the sales team showing a pie chart of Closed Won Deals for that week. This is easy to achieve in Analytics but not so easy to ensure the

      • Zero Personalization of the File Sharing Experience

        By now (2025) this is the maximum level of personalization available for a Zoho sharing link. We gently asked Zoho if we could modify at least the background, and they replied that it cannot be customized. We're truly disappointed – and surprised every

      • Lead to Contact Conversion with multiple email address fields

        We are a B2C business with a strong repeat cycle, and as such it's not uncommon for customers to use multiple email addresses with us. We have both our Contacts & Leads modules set up with 3 email fields. (Primary Email / Secondary Email / Historic Email)

      • Introducing Dark Mode / Light Mode : A New Look For Your CRM

        Hello Users, We are excited to announce a highly anticipated feature - the launch of Day, Night and Auto Mode implementation in Zoho CRM's NextGen user interface! This feature is designed to provide a visually appealing and comfortable experience for

      • Does Thrive work with Zoho Billing (Subscriptions)?

        I would like to use Thrive with Zoho Billing Subscriptions but don't see a way to do so. Can someone point me in the right direction? Thank you

      • Resizing a Record Template Background Inage

        Hi everyone, I have an issue which I can't seem to resolve: Basically, I'm designing a record template in certificate form. I've specified A5 landscape. I've set my background image the same dimensions with total pixels at 443,520. Whatever I try, when

      • Exporting Charts from ZohoCRM

        Hi...I'm relatively new to ZohoCRM, but very happy with it so far. I have all my leads and potentials accurately entered, and like the reports that I can view, with charts at the top of the data. But when I export the data, I'm receiving only the data, whether I export as excel, csv or pdf. How can I export both the chart and the data? In case it makes a difference, I'm using the free version right now. I tried researching the other editions to see if a paid version of the software offered the ability

      • Zoho CRM - Scheduled Reports Which Contain Chart

        Hi Zoho CRM Team, I'm requesting that the Report Export and Scheduling feature be enhanced to include a chart, if one has been created on a report. At the moment I have a report which shows Sales This Week by Deal Owner and a pie chart at the top of the

      • Show price book list price

        When using price books, once you add products to the price book in the Products related list you can display the Unit price which is the default list price; however, there is no option to show the price book list price. To see the price book list price

      • Zoho FSM API Delete Record

        Hi FSM Team, It would be great if you could delete a record via API. Thank you,

      • "Authorize to Access Your Account"

        Hi, I'm trying to log into cliq on my phone but I can't. It says "Authorize to access your account - Verify your identity to access your account using oneAuth credentials", and asks for a password. I tried maybe 100 different passwords and nothing works.

      • Automatically Update Ticket Status in Zoho Desk Based on Actions in Zoho Projects

        Hi Zoho Desk Team, Hope you’re doing well. We’re using the Zoho Desk–Zoho Projects integration to manage tasks related to customer tickets, and it works well for linking and tracking progress. However, there are a few important automation capabilities

      • All new Address Field in Zoho CRM: maintain structured and accurate address inputs

        The address field will be available exclusively for IN DC users. We'll keep you updated on the DC-specific rollout soon. It's currently available for all new sign-ups and for existing Zoho CRM orgs which are in the Professional edition. Managing addresses

      • sms long credits

        I’m trying to purchase Long Code credits so I can send SMS campaigns to my contacts. However, when I click the “Buy Now” button, the page appears blank and doesn’t load any purchase options. Could you please assist me in purchasing the Long Code credits

      • Next Page