GDPR- Unlearn and re-learn: Busting the GDPR Myths


If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person is interested in your product and asks for a quote, you don't have to bother him with consent, because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us think that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not consent on the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into the picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR would cause a huge expense hole in organisations' budgets and why it would create so many problems that didn't exist in the first place. Many organisations, by default, assumed that they would end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings a competitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main changes shall be the cognitive advantage that a company shall possess in the minds of its clients when it becomes GDPR compliant. A GDPR-compliant company positions itself better in its customers' minds when it can flaunt its compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases, like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in any way, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solopreneur who runs a fashion blog, with an emailing list up your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only is a massive introspection into your data inventory needed, but an analysis of 'all' the data that you have on subjects is required as well. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects.

You might scrape the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types varies.

There are two types of consent: Explicit & Implied Consent


Implied consent is when the subject, by providing you with particular data, is accepting that it will be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject, and how this data will be transferred and the related risks of the transfer. Yeah, that's a lot. But this consent is required only when sensitive data is collected.


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with them. For example, the right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which are nothing but the underlying reasons behind the processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well.


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates rights with the lawful bases. A data field processed on the basis of contract cannot be asked to be erased as such. Similarly, data processed for vital interests cannot be objected to. So, being aware of why you process the data that you do, and categorizing it based on applicable rights and lawful basis, is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing-related activity (any activity, for that matter!). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be contacted for marketing.


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 




