GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 



      • Recent Topics

      • What is the maximum file size of a video upload in Zoho chat?

        Can I upload a 20 mb video file and share it with my colleagues? 

      • Update a field in ALL all calls under a contact

        HI guys! I have written some deluge code to update a field in my calls after i have comepleted the call, i need this field to update in all my scheduled calls as well that are comeing up. I just cant seem to get it to work, i have put teh code below,

      • Automatic Matching from Bank Statements / Feeds

        Is it possible to have transactions from a feed or bank statement automatically match when certain criteria are met? My use case, which is pretty broadly applicable, is e-commerce transactions for merchant services accounts (clearing accounts). In these

      • Verifying Zoho Mail Functionality After Switching DNS from Cloudflare to Hosting Provider

        I initially configured my domain's (https://roblaxmod.com/) email with Zoho Mail while using Cloudflare to manage my DNS records (MX, SPF, etc.). All services were working correctly. Recently, I have removed my site from Cloudflare and switched my domain's

      • Fat Download of Ulaa Browser

        I just observed that Ulaa Browser is offering an one-capsule big download. These days it is a custom to offer a small bootstrap downloader and based on user customization options an appropriate download completes. And this is particularly common with

      • Cancelled Transfer order problem

        Hello, We've canceled a transfer order, and we can't add the related items to a new Transfer Order. The system tells us that the bin doesn't have the required quantity, but when we check the item, it indicates that there are 2 units in the bin. It also

      • Billing Management: #8 Usage Billing in Logistics & Delivery Services

        The logistics and delivery industry thrives on movement and precision. Every delivery completed, every kilometre driven, and every ton transported is a measurable activity. However, billing often lags behind. Many logistics companies still rely on fixed-rate

      • Tags for New Tickets

        Hi there, When creating a new ticket, there is currently no way to choose a tag you would like to associate with the new ticket. Being able to associate a tag while creating a new ticket will be very beneficial as it will save time and flow well with

      • Zoho Desk: No Incoming email

        Is Zoho Desk services down? No incoming email reflect to desk tickets.

      • Zoho CRM - Widgets | Update #3 : Introducing SDK V1.5 along with new ZDK Methods and ZRC Support

        Hello everyone! Widgets in Zoho CRM just got a big upgrade! With the release of SDK v1.5, developers can now create more immersive widget experiences. This update elevates Widget development with new ZDK methods for easier interactivity and ZRC support

      • Unusual activity detected, account blocked

        I am unable to send emails and am getting the error "Outgoing blocked: Unusual activity detected. To unblock your account, please and submit a request. Learn more.". I am unsure as to why this is happening since all my activity is legitimate, mainly confirmation

      • Unable to Send Emails – Outgoing Mail Blocked (Error 554 5.1.8)

        Description: Hello Zoho Support Team, I am facing an issue with my Zoho Mail account ( admin@osamarahmani.tech ). Whenever I try to send an email, I get the following error: 554 5.1.8 Email Outgoing Blocked I would like to clarify that I have not done

      • Issue connecting Zoho Mail to Thunderbird (IMAP/SMTP authentication error)

        Dear Zoho Support, I am trying to configure my Zoho Mail account on Thunderbird, but I keep getting authentication errors. Account: info@baktradingtn.com Domain: baktradingtn.com Settings used: IMAP: imap.zoho.com, Port 993, SSL/TLS, Normal Password SMTP:

      • Payment issue with Mail Lite plan – personal NIF not accepted as payment info

        Hello, I have already contacted Zoho Support by email regarding this, but since I haven’t received any reply yet, I’m sharing it here as well to see if the community can help. I’m facing a payment issue for my Mail Lite plan. I have a personal account

      • Customer payment alerts in Zoho Cliq

        For businesses that depend on cash flow, payment updates are essential for operational decision-making and go beyond simple accounting entries. The sales team needs to be notified when invoices are cleared so that upcoming orders can be released. In contrast,

      • Figma in Zoho Creator

        Hi Team, I’m creating a form using Figma and would like to know how to add workflows like scheduling, custom validation, and other logic to it. Can anyone help me understand how to set this up for a Figma-based Creator UI form?

      • Restore lost Invoice!

        Some time ago I tried to Upgrade from Invoice to Books. I not upgraded and staid n Invoice. Now i tried again and first i deleted the old trial of books. But now all is gone, PLEASE HELP!! i have no backup and i have to have at least 7 years data retention by law. 

      • Zoho Desk Down

        Not loading

      • lookup and integrated forms

        I might be misunderstanding things but I wanted to integrate our zoho crm contacts into creator. I imagined that when I used the integration it would mirror into creator. It did brilliant. BUT We have a ticket form in creator that we want to use a lookup

      • Partially receive PO without partial Bill?

        Most of our inventory is pre-paid. Let's say we purchase 30 pieces of 3 different items for a total of 90 pieces. It is common for our supplier to send us the items as they are ready. So we will receive 30 pieces at a time. How can I partially receive

      • 2 users editing the same record - loose changes

        Hello, I'm very new to Zoho so apology if this has been addressed somewhere i can't find. I have noticed the following: If we have 2 users put an inventory item in edit mode at the same time: say user1 click on edit and user2 while user1 is still in edit,

      • How to get the Dashboard page to be the first page when you open the app

        So when it opens on a tablet or phone it opens on the welcome page, thanks.

      • How I set default email addresses for Sales Orders and Invoices

        I have customers that have different departments that handle Sales Orders and Invoices. How can i set a default email for Sales Orders that's different than the default email for Invoices? Is there a way I can automate this using the Contact Persons Departments

      • Formula fields not refreshing until page is reloaded

        I need help/advice about the formula fields and how I can refresh the information in real-time. We have two formula fields on our deals page which show calculated prices: One formula is in a subform which calculates the subform total + 1 other field amount

      • How can I setup Zoho MCP with Chat GPT

        I can set up custom connections with Chat GPT but I cat an error when I try to set it up. The error is: "This MCP server can't be used by ChatGPT to search information because it doesn't implement our specification: search action not found" Thoughts?

      • API ZOHO CRM Picket list with wrong values

        I am using Zoho API v.8. with python to create records in a custom module named "Veranstaltung" in this custom module I've got a picket list called "Email_Template" with 28 Values. I've added 8 new values yesterday, but if I try to use on of those values

      • Group Emails

        I have synced Zoho CRM to Campaigns but there are certain email not synced. showing it is Group Emails, but this email ids belongs to different individuals. please provide a solution as i nedd to sync the same.

      • Enable Password Import option in ulaa browser

        Dear Ulaa Team, I noticed that the Ulaa Password Manager currently offers an option to export passwords, but not to import them. This limitation poses a challenge for users like me who have stored numerous credentials in browsers like Chrome. Manually

      • "Is Zoho CRM customer" vs "Is linked with Zoho CRM"

        Recently while building a Flow, I was setting up a Decision action following a Zoho Invoice Fetch record action. There were 2 choices that I had not seen as something I could manually action in Zoho Invoice: "Is Zoho CRM customer" and "Is linked with

      • Client Script | Update - Introducing ZRC: Simplified HTTP request library

        Hello Developers! Are you tired of juggling different methods to make API calls? Are you confused with multiple syntaxes and version restrictions? Have you ever wished for one simple way to make all API calls in CRM? We heard you :) Here comes ZRC (Zoho

      • Selection Filed for Data Export section

        Hi FSM Team, I hope you are all doing well. I would like to share an idea for future development based on my experience. Currently, in FSM, we can only download up to 5,000 records at a time. If the development team could add a selection option to choose

      • Text wrap column headers in reports?

        Is it possible to auto wrap column headers so that a longer multi-word header displays as two lines when the column is narrower than the width of the header title?

      • What if I dont see contacts on the left side list

        My CRM does not show the contacts tab. In order to create list this is needed and I cant find it.

      • Comments Vs. Replies

        I'm curious as to the difference between a "Reply" and a "Comment" on a ticket. It appears that "Replies" are what's used to determine response time SLA's and there are also used to automatically re-open tickets. I'm just trying to understand the key differences so I can educate both our clientele and our back-end users on which function/feature to use to better improve the ticket lifecycle. If anyone has any insight it would be appreciated. Thanks!

      • Transitioning to API Credits in Zoho Desk

        At Zoho Desk, we’re always looking for ways to help keep your business operations running smoothly. This includes empowering teams that rely on APIs for essential integrations, functions and extensions. We’ve reimagined how API usage is measured to give

      • Resetting auto-number on new year

        Hi everyone! We have an auto-number with prefix "D{YYYY}-", it generates numbers like D2025-1, D2025-2, etc... How can we have it auto-reset at the beginning of the next year, so that it goes to D2026-1? Thanks!

      • Can you prevent closing Ulaa window when the last tab is closed (inadvertently)?

        Most browsers have started to bring this feature in to prevent closing their windows when the last tab is closed (inadvertently). I hope Ulaa should get this in too.

      • Microsoft Phone Link

        Does anyone know if you can use Microsoft Phone Link to make calls through Zoho?

      • Voip Phone system that integrates with Zoho

        Just checking to see if anyone could tell me what phone system they are using with Zoho that is on the list of systems that integrate with Zoho.  I use Vonage and have been with them for quite a few years but their service has really gone down hill and

      • Removing Related Modules Lookup Fields Assignment / Relationship

        Issue: When creating a related list, I accidently selected module itself creating a circle reference. See attached. Situation: I wish to relating a custom module called "Phone Calls" to Leads and Contacts. Outcome: 1) I either want to remove the this

      • Next Page