GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 






        • Recent Topics

        • Dealing With One-Time Customers on Zoho Books

          Hello there! I am trying to figure out a way to handle One-Time customers without having to create multiple accounts for every single one on Zoho Books. I understand that I can create a placeholder account called "Walk-In Customer", for example, but I

        • Marking a meeting 'done'.

          I would like to somehow mark a meeting 'done' and placed under the contact's page rather than deleting it and having no record of it. Am I missing a button that does this?

        • Feature Request: Render Markdown (.md) files in Zoho Cliq

          Hi, We regularly share Markdown (.md) files in Zoho Cliq. However, when we open these files in Cliq, the content does not render as Markdown—it displays as plain text. This forces us to copy/paste the content into an external Markdown viewer to read it

        • CRM Percent custom fields: When will it show the % symbol and behave like %?

          1. Actually Percent custom fields fail to show the % symbol. 2. When in formulas Percent fields work like number: 100 x 5% = 5 ideal world 100 x 5% = 500 what happens actually 3. When importing Percent fields the % symbol has to be removed and the data

        • Subforms and automation

          If a user updates a field how do we create an automation etc. We have a field for returned parts and i want to get an email when that field is ticked. How please as Zoho tells me no automation on subforms. The Reason- Why having waited for ever for FSM

        • Xero Billing Data (22 instances) - Zoho (CRM) - Single Source of Truth For Client Data & Notes

          Hi - I’m trying to build out a CRM for a Single Source of Truth Currently I have 22 Instances of Xero (for legal entity purposes - can’t consolidate to one) How would I be best placed to do this? Is it possible to have all the Xero instances (22) → Consolidated

        • Select CRM Custom Module in Zoho Creator

          I have a custom module added in Zoho CRM that I would like to link in Zoho creator.  When I add the Zoho CRM field it does not show the new module.  Is this possible?  Do i need to change something in CRM to make it accesible in Creator?

        • New 2026 Application Themes

          Love the new themes - shame you can't get a little more granular with the colours, ie 3 different colours so one for the dropdown menu background. Also, I did have our logo above the application name but it appears you can't change logo placement position

        • Zoho Expense - Bi-Weekly Report Automation

          Hi Zoho Expense Team, My feature request is to please include an option to automate creation of reports bi-weekly (every 2 weeks)

        • PDF Generator Upgrade

          Hi Team, What will happen if I don't make any changes for existing template. Zoho just ask us upgrade but haven't tell the benefit. Zoho Corporation

        • 500 internal server error on opening an iframe through a deluge script

          Hi Team I am trying to open an external url in an iframe through my deluge script which is associated to a custom button . By doing this i am getting an "Internal Server Error" . Please can you help me with this.

        • Zoho CRM Quotes – Subform and PDF/Writer Limitations

          Hello, I am encountering the following limitations in Zoho CRM Quotes: Custom product images cannot be uploaded in the subform – the image upload field cannot be added; only the file upload field is available. File upload placeholders cannot be used in

        • Strange behavior in CRM Number Field – Characters allowed but not "e"?

          Hi everyone, Has anyone faced this strange issue in Zoho CRM? In a Number field, it is possible to type some characters, but the character "e" cannot be entered. This was really surprising to me. Normally, a number field should restrict all characters

        • No background for video recordings, no playback speed, can't even playback longer recordings - have to download…

          Hi. We utilize heavily video messages on Slack, but wanted to migrate to Cliq with Zoho One, however very basic yet very frequently used feature is missing: backgrounds for video recordings and playback speed. We were not happy with Slack's 5 minute limits

        • Support inefficiency

          We have been asking for support for a minor adjustment for 12 days now and we haven't got a single viable resolution from support team despite there are 19 emails going between our HR team and various support emails from Zoho. 1. they do not understand

        • Can I export to PDF in Zoho Learn

          I have seen help pages where export to pdf options are available but I do not see that option available from the application. I see that exprt is available in my free trial version but that is only to html pages. I need to be able to export my manuals

        • Zia capabilities now available in the Professional edition announcement

          Hello all! The Professional edition now supports a broader set of Zia capabilities, enabling teams to bring AI into more of their everyday CRM work. From writing assistance and summaries to setup support, predictions, and recommendations, Zia can now

        • Where Do I set 24h time format in Cliq?

          Where Do I set 24h time format? Thanks

        • This will be long, Please bear with me - Next Gen Layout - Search

          In general, I think that Zoho are going in the right direction with the Next Gen UI. The latest update brings some nice improvements and all-in-all from a user's perspective I think the improvements are generally very good. However, there are some areas

        • Selecting all notes in a notebook

          In Windows11, I select a notebook and I get a list of notes, but only 30 notes. If I scroll down to the end, I get an additional 30 notes (and at the top it now shows 60 notes). I can keep doing this to eventually see all my notes but this is a real pain.

        • Update latitude & longitude address field API

          How do I update the coordinates of an address field from a widget? I can't modify the latitude and longitude of the address field. I think the problem is how I'm writing formdata variable. zoho_init.then(function (data) { var queryParams = ZOHO.CREATOR.UTIL.getQueryParams();

        • Filter Records in CRM API

          Hi Team, I’m currently working on a task to retrieve expired deals from the CRM. By “expired deals,” I mean deals where the closing date has already passed and the stage is not “Closed Won” or “Closed Lost” (i.e., all other stages). I tried using both

        • User Name in Zoho Cliq Not Updating Across Apps?

          We updated the name of a user in Zoho. (From Sue to Taylor) Her name has not been updated in Cliq on all apps. When in Zoho One, if I go to Cliq directly, it is correct, but if I am in another app, and the Cliq bar pops up on the bottom, it will be the

        • Ability to Use Both AND and OR When Creating Rules (Advanced Conditions)

          I'd like to be able to use more complicated logic when setting up rules. E.g. in Zoho Mail, I can choose "Advanced conditions (AND/OR) to create a rule that can be applied to multiple subject lines from the same sender. But in Zoho TeamInbox, I will have

        • Attaching files to emails within CRM Deals.

          Hello, We have recently started using the extension "Workdrive for CRM" (Related List) to view/store our documents for each Deal, instead of using Attachments. Overall it feels like a better way to go but the user experience is not so great when it comes

        • Why I can't map Account Name from lead module to Account module?

          When I qualify a lead in the bluerprint, I use automated conversion in Blueprint to automatically create Contact, Account and Deal. the Deal record and contact record has been successfully created automatically as I expect, but I can't see any account

        • Pause(1);

          I'm using scheduler to invoke an interaction via http post with an external service. The schedule code uses a for-each loop that runs so fast my external application's log files get messed-up (they are named by date-time stamp). What I'm suggesting is

        • Release Notes | February 2026

          We have rolled out another set of enhancements in Vertical Studio during February 2026, bringing improvements to Canvas customization, reporting capabilities, and data access controls. Here is a summary of what was released during February 2026: Canvas

        • Agentic Engineering with Zoho: The Next Evolution of Intelligent Systems

          The concept of Agentic Engineering is reshaping how modern systems are designed. It introduces a new layer to the way we think about artificial intelligence and system architecture. For years, most software systems have operated in a reactive way — responding

        • Engenharia Agêntica e as soluções da Zoho

          O conceito de engenharia agêntica impacta diretamente como os sistemas são projetos. Este tema inseri mais uma camada a nossa idéia de inteligência artificial. Antes o desenvolvimento de sistemas operavam de forma reativa e dependente de comandos diretos,

        • Effective project and task customization with CodeX

          Dear users, Beyond Task Lists is a series of articles aimed at showcasing the various customization capabilities of Zoho Projects. We'll discuss real life project management scenarios, use cases, and requirements that needs combining multiple features.

        • Set expiration date on document and send reminder

          We have many company documents( for example business registration), work VISA documents. It will be nice if we can set a expiry date and set reminders ( for example 90 days, 60 days, 30 days etc.,) Does Zoho workdrive provide that option?

        • Debit opening balances of vendors

          Dear colleagues: I am looking at the trial balance as on 31st March 2024, and punching opening balances (1st April 2024) in Zoho Books. Vendors have credit balances, by its nature, but some of our vendors have debit balances as well (e.g., we have paid

        • Zoho Books emails suddenly going to Spam since 11 Nov 2025 (Gmail + now Outlook) — anyone else?

          Hi everyone, We migrated to Zoho Books in July 2025 and everything worked fine until 11 Nov 2025. Since then, Zoho Books system emails are landing in customers’ Spam (first Gmail, and now we’re seeing Outlook/Office 365 also starting to spam them). Impacted

        • Client Portal ZOHO ONE

          Dear Zoho one is fantastic option for companies but it seems to me that it is still an aggregation of aps let me explain I have zoho books with client portal so client access their invoice then I have zoho project with client portal so they can access their project but not their invoice without another URL another LOGIN Are you planning in creating a beautiful UI portal for client so we can control access to client in one location to multiple aps at least unify project and invoice aps that would

        • The Social Wall: February 2026

          Hello everyone, This month, we’re bringing you a mix of exciting toolkit enhancements and a few improvements across the web and iOS app, all designed to make your social media management simpler and smoother. File converter Images come in different formats,

        • Zoho Mail and SalesInbox doesn't link to CRM record using Reply-To

          Hi, I've just set up SalesInbox, with the intention of using it for sales enquiries (instead of Desk, which I have been using until now). I've noticed that, unlike Desk, SalesInbox only uses the 'From' email address to attempt to link to a CRM contact

        • Service line items

          Hello Latha, Could you please let me know the maximum number of service line items that can be added to a single work order? Thanks, Chethiya.

        • Poor Search Results on Zoho CRM

          The search on Zoho CRM is quite poor. Salesforce has now published a new search, when will get this on Zoho? https://help.salesforce.com/s/articleView?id=data.c360_a_hybridsearch_index.htm&type=5

        • How to use filters on all products page? Or even a category page?

          Hello, I am trying to create some filters so users can use filters to find products they are looking for. So what i am trying is to create a filter according to price lets say. So if i define it this way i am expecting to see this filter option on category

        • Next Page