GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 



      • Recent Topics

      • OPTED FOR STORAGE BY DESCRIPTIVE MISGUIDANCE

        We've opened a domain with three mail ids and payment has also been processed now the bill raised is for single use ID with additional storage capacity. Kindly request you to modify the purchase.

      • How can I add a new organization on Zoho Campaign

        I want to create a new organization with my Zoho Campaign

      • White Label certificate

        Hi all, About 72 hours ago, we fulfilled all steps for white labeling (CNAME to point to mail.cs.zohohost.eu), but since then the configuration page is now stuck at "generating certificate" since 3 days. When I execute an NSLOOKUP mail.webfoundry.be it

      • www.abc.com is working but abc.com is not

        I have my domain in godaddy. I have created a website using zoho sites and now I want to publish it and I tried doing it. Mapped the domain www.abc.com, abc.com. In godaddy changed the CNAME values. A, @ was parked and updated with zoho's IP address.

      • Split my account

        Hello, I recently bought an email service for a friend. But, looks like I used my personal account to buy the plan. Please split the account so that the email service stays in a different account than my personal account.

      • Have Mail Lite, wish to add/purchase 2nd domain and use email

        Hello, I have recently created two new businesses. I have successfully used Zoho to create a domain for one business and have set up two email addresses / users on that domain. I am trying to figure out how to create a second domain, just like I did the

      • Need support in setting up the company email and few other setups

        Need support in setting up the company email and few other setups

      • This mobile number has been marked spam.

        Dear zoho team, I am very happy to use zoho,because it india 🇮🇳 own app, but when we login into zoho account we facing some issue, please solve below issue ASAP. Add your mobile number As an added security measure for Accounts, you need to verify and

      • Add an external email to the allowed list

        I need to allow an external email to raise a ticket on Manage Engine ServiceDesk Plus. The external email is a outside of our domain and is not a domain user. The email address that needs to be allowed to raise a ticket request is noreply@formsatack.com.

      • Display name & account type change

        I made a mistake and subscribed with an individual account instead of business, how can I change the account type and enter the details of the business. The other question, if I can't, then I want the display name of our email to be 'Business name' instead

      • Request to change display name in Zoho mail

        Hello Zoho Mail Support, I am experiencing an issue with changing the display name on my Zoho Mail account. My email address is: info@witchcraftproduction.rs . I have already updated the display name in Settings > Mail Accounts, where it now shows as

      • Outbound IP address SPAM problem.

        Hello Zoho Support, We noticed that one of your outbound IP addresses (136.143.188.12), which delivers our domain’s mail, is currently listed on the UCEProtect blacklist. Because of this, our messages are sometimes flagged as spam by recipient servers.

      • Answer Bot and Personalized Questions

        Hi there, I have the same problem using the SalesIQ Answer Bot and the Zoho Desk Answer Bot (which really need different names, to be honest, in order to avoid confusion...) Customers that visit our website ask questions in the form of "What do you do?"

      • Forwarding

        How can I forward my Zoho account to my gmail account? Noël

      • Add a Way to Duplicate Cards in the Same Canvas (Retain All Settings)

        Dear Zoho SalesIQ Team, We would like to request a new feature in Zoho SalesIQ: the ability to duplicate an existing card within the same canvas while retaining all of its information and settings, including conditions, configurations, and display preferences.

      • Zoho Mail CC and BCC not working

        Zoho Mail CC and BCC not working. I have tried multiple combinations amongst my domain aliases but emails sent as CC or BCC never arrive, not even to Spam. I have checked that the DNS is set up correctly in Cloudflare and have even received a DMARC report

      • Zoho Autoplay Issue

        Currently, we run our graphics on a playlist with youtube videos interspersed in our office -- however, when we go to update the playlist (since last Thursday at around 8-9am EST) it no longer saves the autoplay function.  We have tried making a new account, manually saving with cntrl+s, making a new show, etc but nothing seems to work.  Even with our old program, we can't change it off of autoplay for ones that were created in the past. Another issue is that if we change a slide transition to anything

      • Critical Issue: Tickets Opened for Zoho Support via the Zoho Help Portal Were Not Processed

        Hi everyone, We want to bring to your attention a serious issue we’ve experienced with the Zoho support Help Portal. For more than a week, tickets submitted directly via the Help Portal were not being handled at all. At the same time no alert was posted

      • Adding hyperlinks in CRM emails time automatically

        It may just be me, but when I am writing an email to a lead, I find inserting a hyperlink very time consuming. Granted, I can use templates but there are a ton of scenarios where I might want to put a link in to an website that wouldnt require me to go though the effort of creating a template.  Ideally, the crm would identify that I that a string of text is a URL and insert the hyperlink automatically, just like microsoft outlook or gmail. Has anyone else had this same experience and found a way

      • Enhance "Applications Usage" with Date Filters, Historical Analytics & App-Level Breakdown

        Hello Zoho Creator Team, We are writing to request a critical enhancement to the Applications Usage section to improve our ability to monitor, analyze, and manage our platform consumption over time. While the current view of today’s usage is helpful for

      • External File Share - Allow delete

        Hi Team, when I share an external link and give it edit rights the external user can add but not delete files and folders. what am i doing wrong?

      • How to notify all members on any updates to zoho crm?

        Hi, I am using the free version of zoho CRM and currently seeing this will work for our company. We are a small company and wanted to be more informed about all the changes in zoho. 1. How do I s et notifications that go to the team for any and all changes

      • How to change the format for phone numbers?

        Mobile phone numbers are currently formatted (###) ###-####.  How can I change this to a more appropriate forms for Australia being either #### ### ### or (#)### ### ###?

      • Unattended Access on Android without Play Store

        I'm testing Zoho Assist for remote config and maintenance of our IoT devices. The devices are running Android 8.1 and do NOT have Google Play Store installed, nor can it be installed. I've been able to install Zoho Assist on the devices and load the enrollment

      • Open Sans Font in Zoho Books is not Open Sans.

        Font choice in customising PDF Templates is very limited, we cannot upload custom fonts, and to make things worse, the font names are not accurate. I selected Open Sans, and thought the system was bugging, but no, Open Sans is not Open Sans. The real

      • Is it possible to embed Zoho Bookmarks in the Cliq sidebar?

        Is there any way that each Zoho user can access their bookmarks (that live in https://bookmarks.zoho.eu/ which is technically a part of Zoho Mail) directly within Cliq? As a widget, or an item in the sidebar? My team does not use Mail, it uses Cliq all

      • Show Attachments in the customer portal

        Hi, is it possible to show the Attachments list in the portal for the particular module? Bests.

      • Kaizen #142: How to Navigate to Another Page in Zoho CRM using Client Script

        Hello everyone! Welcome back to another exciting Kaizen post. In this post, let us see how you can you navigate to different Pages using Client Script. In this Kaizen post, Need to Navigate to different Pages Client Script ZDKs related to navigation A.

      • Navigate with Ease: Announcing Improvements to Your Zoho CRM for Everyone's Setup Experience

        Hello Everyone, We’re thrilled to announce new enhancements to the Setup Menu in our Zoho CRM for Everyone system, designed to simplify your workday and streamline your overall experience. What's New? Addition of a Setup Homepage Faster Search in Setup

      • Zoho Projects Webhook fails with HTTP Error 0

        Hello Zoho Community, I am pulling my hair out over this one. I have setup a very basic http(s) server that always responds "ok" and code 200 to incoming GET requests. It will accept any parameters, and any path. Really, all it does is say "ok," and log

      • ZOHO Campaignで表のカラムの幅を調整したい。

        表を作成した際、個々のカラムの幅を調整したいのですが、方法が分かりません。 どなたかご存じの方ご教示ください。

      • Auto-upload Creator Files to WorkDrive

        Hi everyone, I’m working on a workflow that uploads files from Zoho Creator to specific subfolders in Zoho WorkDrive, as illustrated in the attached diagram. My Creator application form has two multi-file upload fields, and I want—on successful form submission—to

      • Exciting Updates to the Kiosk Studio Feature in Zoho CRM!

        Hello Everyone, We are here again with a series of new enhancements to Kiosk Studio, designed to elevate your experience and bring even greater efficiency to your business processes. These updates build upon our ongoing commitment to making Kiosk a powerful

      • Kaizen #129 : Client Script Support for Blueprints

        Hello everyone! Welcome to another week of Kaizen. Today, let us discuss about how you can use Client Script during a Blueprint transtion to meet your requirements. This Kaizen post will provide solution for the post - Need non-mandatory fields in blueprint

      • Search Bar Improvement for Zoho Commerce

        Hey everyone, I've been using Zoho Commerce for a bit now, and I think the search bar could really use an upgrade. Right now, it doesn't show products in a dropdown as you type, which would make finding items a lot faster. On Shopify, for example, you

      • Making digital signatures accessible to all: Introducing accessibility controls in Zoho Sign

        Hi there! At Zoho Sign, we are committed to building an inclusive digital experience for all our users. As part of our ongoing efforts to align with Web Content Accessibility Guidelines (WCAG), we’re updating the application with support that will go

      • Account Owner Field From Accounts Module to be Displayed in Contacts module

        I have a field in the Accounts Module in the CRM called "Account Owner" i want that field to be also mapped into the Contacts Module custom single line field called "Account Manager".

      • Update a field in the ZOHO Form, basis numeric value in another field in the same form

        I am trying to create a questionnaire in ZOHO, where clients need to answer 10 questions, and basis response, values are assigned. I have created a total score field where the sum of the values is stored. But i am unable to create a rule whereby another

      • How to update "Lead Status" to more than 100 records

        Hello Zoho CRM, How do I update "Lead Status" to more than 100 records at once? To give you a background, these leads were uploaded or Imported at once but the lead status record was incorrectly chosen. So since there was a way to quickly add records in the system no matter how many they are, we are also wondering if there is a quicker way to update these records to the correct "Lead Status". I hope our concern makes sense and that there will be a fix for it. All the best, Jonathan

      • Meet up de Zoho en Bilbao

        Buenos días comunidad! Estamos estudiando hacer un Meet up en Bilbao desde zoho y varios Partners. Para que la experiencia sea excelente, queremos saber cuantas pesonas se vendrían a Bilbao al evento. Y para que sea lo mas útil posible, que temas dentro

      • Next Page