GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 






        • Recent Topics

        • Important update: Migrate to the new SalesIQ live chat widget before April 14, 2026

          The old SalesIQ live chat widget will be deprecated on April 14, 2026. This is a final reminder to migrate to the new SalesIQ live chat widget before this date. After April 14, 2026, the old widget will no longer be maintained, which can lead to slower

        • If your IM chats aren’t auto-assigning, here’s what to check

          Hey everyone! We’ve been seeing quite a few questions around Instant Messaging (IM) Chat Routing in Zoho Desk, especially around how it actually behaves in real time. So I thought I’d share a practical breakdown of what’s happening behind the scenes.

        • connect zoho creator with google drive

          Hello everyone, I need to connect to a folder drive. The idea, is that google drive loads a text document with some data, I must read that text document to be able to autofill a form that I have in zoho creator with that data. I also attach PDFs and place

        • Uploaded files are not included when using "Include user submitted data" in Email Notification

          In Send Email notification workflow in Zoho Creator, there is an option called "Include user submitted data" which allows the email to contain all the form submission details. However, when this option is enabled, files or images uploaded through File

        • Extend Zoho Canvas Customization to Zoho Creator Forms and Reports

          Currently, Zoho Canvas allows users to design and customize the UI of Zoho CRM modules with a much better visual experience. This helps organizations create cleaner layouts, improve usability, and design interfaces that match their workflows. However,

        • Kanban View for Projects.

          At our organization, we describe active projects with various statuses like "In Proofing" or "Printing" or "Mailing". In the Projects view, one can set these project statuses by selecting from the appropriate drop-down. While this works, it's difficult to view and comprehend the progress of all of your projects relative to each other in a table. Creating a Kanban view for projects where I can move them from one status to another allows me to see where each project is in the order of our workflow.

        • Button ''I'm Interested'' won't translate

          Since our main platform is in French, I would like to get this ''I'm Interested'' button translated to French ''Je suis intéressé''. We managed to translate the whole carreer site in French, except the button. How come ? We have a standard subscription,

        • Feature request - image resizing on sales orders

          I need to be able to show the items on the sales orders, currently the item image shows really small and no way to resize it, need the ability to make the image larger to showcase the product on the pdfs

        • ZOHO.CRM.UI.Record.open not working properly

          I have a Zoho CRM Widget and in it I have a block where it will open the blocks Meeting like below block.addEventListener("click", () => { ZOHO.CRM.UI.Record.open({ Entity: "Events", RecordID: meeting.id }).catch(err => { console.error("Open record failed:",

        • Email Parser Not Extracting Fields Correctly with Certain Label Formats

          I’ve been testing the Email Parser functionality in Zoho CRM to automatically extract data from incoming emails and map it to CRM fields. During testing, I noticed that parsing sometimes fails when the email contains field labels formatted like this:

        • Zoho CRM Community Digest - February 2026 | Part 1

          Hello Everyone! February has been off to a productive start in the Zoho CRM Community, with several thoughtful product enhancements and helpful technical discussions making their way into the forums. To help you stay up to speed, we’ve rounded up the

        • Nouvelle fonctionnalité : donnez du style à vos pages avec le Branding

          Que vous prépariez un webinaire important. Vous avez investi du temps dans votre contenu, invité des intervenants de qualité, et les inscriptions commencent à affluer. Mais votre page d’inscription ? Elle ressemble à toutes les autres : générique, sans

        • How to sync Zoho CRM Quotes with Zoho Books/Finance Estimates or Quotes

          Hi everyone, We’re building quotes in the Zoho CRM Quotes module because of its strong CPQ features and better communication options (multiple contacts, email customization, etc.). However, these don’t sync directly with Zoho Books/Finance for invoicing.

        • Marketing Tip #24: Encourage customers to leave reviews

          Reviews are one of the strongest trust signals in ecommerce. When shoppers see real feedback from other customers, they feel more confident about buying, especially when they’re choosing a brand for the first time. Not all reviews are equal. Detailed

        • Ability to Attach Record-Specific Files Automatically in Workflow Email Templates

          Currently in Zoho CRM, email templates allow attachments to be added, but these attachments are static and remain the same for every recipient. There is no straightforward option to automatically attach a file that is stored within the specific CRM record

        • This version of app doesn't support this notecard type Error

          So this problem is happening for any notes created within the last week, as well as any note recently edited on Android. I can open them on my phone fine, but they don't open on the website version. They DO work on the desktop app version. It's just web

        • Issue with Picklist Dropdown Not Opening on Mobile

          Hello I am experiencing an issue with picklist values on mobile. While the arrow is visible, the dropdown to scroll through the available values often does not open. This issue occurs sporadically, it has worked occasionally, but it is very rare and quite

        • {Action Required} Re-authenticate your Google Accounts to Continue Data Sync

          Hello Users! To align with Google’s latest updates on how apps access files in Google Drive, we’ve enhanced our integration to comply with the updated security and privacy standards, ensuring safer and more reliable access to your data. With this update,

        • Allocating inventory to specific SO's

          Is there a way that allocate inventory to a specific sales order? For example, let's say we have 90 items in stock. Customer 1 orders 100 items. This allocates all 90 items to their order, and they have a back order for the remaining 10 items which could

        • Is this a SCAM email or is it really Zoho?

          L.S. I received the following message. Is this from Zoho? I have had a Zoho One account for many years and my website has been online for years. If it is a scam, I think you should know about it.

        • How to close an estimate ?

          Hello, I have created estimates, and converted them to invoices to get 50% payment. Now I have 2 cases where the estimate stills shows status partially invoiced, however: 1. for one of them, project stopped half way, so the remaining part will never be

        • Updating Analytical Fields Data

          Dear Zoho team, I'm having an issue with the recently added fields in both Analytical Desk and Analytical. How can I generate the data in Analytical when new fields are added? https://analytics.zoho.com/workspace/2436819000000007005/edit/24368190000

        • Looking for Guidance on Building a Zoho Website

          I'm exploring the possibility of building a custom website with specific features using Zoho as an alternative platform. My goal is to create something similar to https://gtasandresapk.com , with the same kind of functionality and user experience. I'd

        • My Zoho mail stopped receiving or sending emails about 3 hours ago

          Its a pop 3 account. The emails get into the actual mailbox on the server and I can send emails directly from the server, but they are no longer in Zoho, in neither of my Zoho accounts. All green ticks under Mail Accounts under Settings

        • Zoho Cliq not working on airplanes

          Hi, My team and I have been having this constant issue of cliq not working when connected to an airplane's wifi. Is there a reason for this? We have tried on different Airlines and it doesn't work on any of them. We need assistance here since we are constantly

        • Option in pipeline deal to select which hotel or branch or store if client has more than one local store

          Hi, I would like to know if there is an option in the deal pipeline to select which hotel, branch, or store a deal is related to—if the company has more than one location. For example, I have a client that owns several hotels under the same company, and

        • Request to Recover Deleted Task List – Project ID: RIV-MOD-10722

          Hi Zoho Team, I hope this message finds you well. My Zoho task list associated with Project ID: RIV-MOD-10722 appears to have been deleted. When I clicked on the task link from the email notification, I received the following message: "Task has been deleted

        • Email Insights included in Bigin emals are marked as SPAM everywhere

          Today I noticed that email recipients who use Office 365 never receive emails sent from Bigin. Further examination showed that all Email Insights links in email headers are marked as spam/phishing by Office 365. Example screen included. The problem is

        • How do I import Connected Records for a Deal?

          Can you point me to an example of the CSV file that would add related records to an existing CRM Deal? I imported a Deal, then tried importing a connected record using a unique ID that references the Deal ID, but it doesn't attach it to the Deal rec

        • File Upload Field in Zoho Forms Not Updating Existing File in Zoho CRM

          Hi everyone, I’m trying to understand the behavior of a file upload field mapped from Zoho Forms to Zoho CRM. Scenario There is a File Upload field in a Zoho CRM module. A Zoho Form also has a File Upload field, which is mapped to that CRM field. When

        • Zoho Training

          Greetings! I am trainer. My focus area is Project Management and MS Project. I have used Zoho CRM to a good extent. Though, I was interested in using ZOHO projects, as there were no live projects, I could not take it up for studies. Recently a client

        • Detailed list of scoring rules in Zoho CRM

          Good morning Zoho community, warm greetings The reason for my message today is that I have a problem with my CRM, which I will explain below: Our organization has scoring rules designed to rate our potential customers or leads in the application based

        • How to create a summary document from Projects details

          Hi, Our team is creating many projects inside Zoho Project. When closing a project, they write a summary document containing data from the projects it-self (understand project budget, customers, etc...), and editable (ie the document is either a Writer

        • Host in US Data Centre

          I humble apply to be registered on US Data centre

        • convert the project to templet

          i have some deployment ME product for different customer , i need to create a fixed template for use it rather then keeping creating this template every time

        • Best practices for managing Project Charters, Business Case and RAID logs within Zoho?

          Hello everyone, I’m currently refining our PMO setup within Zoho Projects and I’m curious how others are handling high-level governance documentation. We’ve been using the standardized Project Charter, Business Case and RAID frameworks from projectmanagertemplate.com

        • Work Orders / Bundle Requests

          Zoho Inventory needs a work order / bundle request system. This record would be analogous to a purchase order in the purchasing workflow or a sales order in the sales cycle. It would be non-journaling, but it would reserve the appropriate inventory of

        • Izettle or Sumup Integration for Zoho Books.

          The Stripe & Square clearing works great in Zoho Books. Any further integrations planned in the future for Izettle or Sumup? These card processors are very common for taking payments with a card reader.

        • Trying to access records in a custom module in Zoho Desk and not having luck

          I've built a custom module in Zoho Desk and am using a custom function to query the records in the module and I'm not having any luck. The only way I have found to retreive a record is by getting it by its recordID (the long zoho assigned one). The function

        • ZOHO Books Smart Accounting Software for Travel Agency

          Dear Travel partner, Contact for Travel Agency Accounting Setup & Training Vansh Travel (ZOHO Books Authorised partner) Email: info@vanshtravel.com Mo: +91 98984 95155 Please find PDF   

        • Next Page