GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 






        • Recent Topics

        • Zoho Developer Community Hackathon 2025 is LIVE!

          Hey developers! It’s that time of the year again — the Zoho Developer Community Hackathon 2025 is officially open for registrations! If you’ve been waiting for a chance to stretch your skills, try something new, or finally bring that idea to life, this

        • Zoho Books | Product updates | September 2025

          Hello users, We’ve rolled out new features and enhancements in Zoho Books. From PayNow payment method to applying journal credits to invoices and bills in other locations, explore the updates designed to enhance your bookkeeping experience. Integrate

        • Zoho Workdrive for Office, "vsto runtime not found"

          Hi all, I have been trying to get ZohoWorkdrive_MS-addin_1.4.exe installed, but I keep getting the error "VSTO Runtime Not Found!" - even though I have installed it ... Anyone else hear had problems with the MS addin?  FYI, I am using O365 on A Dell laptop running Win 10 Home - fully patched and up-to-date.  I have tried compatibility modes and running explicitly as Administrator - the usual steps. Any advice would be appreciated.

        • Add "Fetch Composite Item" Action for Inventory

          I want to make a Flow that uses information returned in the GET call for Composite Items, and it's not currently available in Zoho Flow. Please consider adding this functionality.

        • Inactive Items - Make Less Prominent by Default

          Currently, when one marks an Item as "Inactive", it really doesn't do much of anything to hide it or get it out of the way. Search and reporting within Finance should, by default, hide inactive Items from standard reports, searches, etc. If one specifically

        • Can no longer export as pdf

          In NOTEBOOK I am no longer able to export notes to pdfs as I used to be able to. When I hit that command it asks where I want to send it, but no matter what I chose there is no pdf attachment that shows up in order to send. Nothing happens.

        • Emails are going to notification folder and not in inbox

          emails are going to notification folder and not into inbox

        • How can I prevent the Zoho Vault extension from automatically logging me out?

          Hi, I want the Zoho Vault Chrome extension to never log out. How can I do this? It only allows me to log out for 1 week, and the same applies to the Android app.

        • Zoho CRM App - Links

          Hi  Is there are plan for making Custom Links available in the Zoho CRM Android App? I can't see them being added? Thanks Gene

        • Templates

          Trying to sort out / get rid of unwanted invoice templates, the error msgs are not at all helpful. Surely it's easy to amend the error msg by including a list of the names of the customers / vendors that use it, denying deletion or making it inactive

        • Contacts limit in basic vs standard - what counts? Are customers contacts?

          I’ve been using books for a number years for my small business. I only ever work with 20 clients at any given time. I do purchase services from a number of vendors to run my business, so there are some comtacts there too. I used to use the basic package,

        • Finding missing records

          I have a challenge and I am not really sure where to start with it. I can't find any similar threads on here, can anyone help: I have two forms, FormA and FormB. Both forms have records that contain a field called Job_Number. What I am trying to achieve

        • Prevent Unapproved Quotes from Exporting to Zoho CRM Finance Module

          Is it possible to prevent unapproved quotes in Zoho Books from being exported from Zoho Finance module inside Zoho CRM?

        • ZOHO BOOKS - RECEIVING MORE ITEMS THAN ORDERED

          Hello, When trying to enter a vendor's bill that contains items with bigger quantity than ordered in the PO (it happens quite often) - The system would not let us save the bill and show this error: "Quantity recorded cannot be more than quantity ordered." 

        • Updates for Zoho Campaigns: Merge tag, footer, and autoresponder migration

          Hello everyone, We'd like to inform you of some upcoming changes with regard to Zoho Campaigns. We understand that change can be difficult, but we're dedicated to ensuring a smooth transition while keeping you all informed and engaged throughout the process.

        • Process between CRM and Campaigns to ensure double opt-in contacts?

          I would like to ask for a few clarifications to ensure we fully comply with best practices and legal requirements: According to the documentation (Zoho Campaigns CRM sync – Default option), the best and recommended way to sync contacts is by using the

        • What's New in Zoho Inventory | August – October 2025

          Hello customers, The last quarter has been incredibly productive! We've released a powerful slate of new features and enhancements in Zoho Inventory designed to give you better control, greater efficiency, and expanded functionality across your inventory

        • Search not working!

          I have items in my notebook tagged but when I search for a tag nothing comes up! Any fix for this?

        • Let's Talk Recruit: Meet Zia, your all-in-one AI assistant (Part-2)

          Welcome back to Let’s Talk Recruit series. In Part 1, we introduced Zia and how AI is reshaping the way recruiters work. This time, we’re taking a closer look at how far Zia has come and how each update continues to simplify your everyday tasks. When

        • Zoho Developer - Feature Request Platform

          Zoho Developer is one of the most underatted platform in zoho ecosystem, however, it may just be what zoho needs to welcome more people to use Zoho Services. The more developers you have creating zoho creator applications and zoho extensions the more

        • Last/Previous month in relative date filter

          In the relative date filter, what is the difference between "Last 2 months" and "Previous 2 months"? So, if we are on 25-July, then is my understanding correct of the following: Last 2 months :=:      25-May~24 July Previous 2 months :=:     01-May~30-June Thanks.

        • Tags get removed from notes on mobile

          I don't know why this keeps happening even after all these app updates but if you log out and log back into the app or you reinstall it, all the tags you assigned to your notes get taken off, but if you go on the desktop version the tags are still there.

        • Show Zoom Link in Recipient's Calendar

          We set up meetings within a record, selecting the "Make this an online meeting".  We use Zoom. Most of the recipients go to their calendar (usually Gmail or Outlook, corporate) to join the Zoom meeting, but there is no Zoom link in the calendar. Can this

        • How to fetch custom fields for time entries in Zoho Project API v3

          In the previous Zoho Projects REST API, we were able to retrieve custom field details for time entries, including picklist options, using the endpoint: GET /restapi/portal/[PORTAL_ID]/timesheetcustomfields In the new Zoho Projects API v3, we tried using

        • VAT rates - exempt and out of scope

          Good Evening, UK based company here. I am a bit confused in respect of setting up VAT rates for exempt goods and services; at present I am simply leaving the VAT rate blank in the transactions in order to prevent any VAT appearing in the VAT return. When

        • Zoho is blocking emails I subscribe to from one sender

          About 4 months ago I stopped receiving newsletters that I subscribe to from @thedispatch.com. They tell me that zoho's server is blocking them. I've added them to my contacts list, but they're not even reaching my inbox. I don't know how to troubleshoot

        • Introducing Lead Capture: Empower exhibitors to capture leads effortlessly

          Events provide a great opportunity for exhibitors to generate awareness and engage with potential customers. Efficiently distributing attendee information to exhibitors through a seamless and secure way is of paramount importance. Introducing Lead Capture

        • Work Order Creation Issue

          Dear Team, I would like to inquire about the daily limit for Work Order creation in Zoho FSM. Yesterday (02/05/2025) at around 6:30 PM GST, I attempted to create a Work Order, but I have been unable to do so since then. Please find the attached image

        • Accessing shared mailboxes through Trident (Windows)

          Hi, I have a created a couple of shared mailboxes. The mailboxes are showing up on the browser based Zoho workplace, but I cannot seem to figure out how to access my shared inboxes through Trident (Windows). Am I missing something or is this feature not

        • URGENT: ChatGPT Extension Failing With “gpt-3 Access Error” (Priority Support)

          Appreciate support reviewing this urgently. I am a Priority Support member and need immediate clarification on a recurring issue involving the ChatGPT extensions inside Zoho Desk. Both extensions — including the version created and published by Zoho —

        • Server error when trying to Data > Sort > Custom Sort

          Been using Data > Sort > Custom Sort for a while, now it has suddenly stopped working. When selecting the same data range and trying to execute, I get "Sorry! There was a problem saving your last edit. Please try again."

        • Zoho Desk iOS update: Custom buttons, follow/ unfollow option on tickets

          Hello everyone! In the most recent Zoho Desk iOS app update, we have brought in support to access the custom buttons configured on web app(desk.zoho.com). Using custom buttons you can seamlessly execute predefined actions directly from their mobile devices,

        • Zoho pdf suit

          Pl. design products with following feature: 1. Please add all features given in Ilovepdf website to work on pdf files. It is mandatory to use pdf in court work. 2. Courts have prescribed New Times Roman, pl. add this font as well 3. Indexing, signature

        • Zoho Not Working

          Today Zoho not wokring

        • Dynamically autofill fields with URL parameters

          I have a zoho form embedded in my organization's WP website. Our users find their account with a search tool, and then can select to open this page with the embedded form. The URL of the page holds the parameter that I need, but I cannot figure out how

        • User Automation: User based workflow rules & webhooks

          User management is an undeniable part of project management and requires adequate monitoring. As teams grow and projects multiply, manual coordination for updating users & permissions becomes difficult and can give way to errors. User automation in Zoho

        • Integrate Projects for Desk KB article release tasks

          Could you please look into the possibility of integrating project tasks for Zoho Desk article release processes? We are looking for an internal integration between Zoho Projects and Zoho Desk's KB article drafting, reviewing and releasing tasks. We could

        • Issue in Annual Leave

          We created a policy to credit 21 days at the Start of the Year An employee has taken 16 days of leaves thought the year, so we expect to see 5 Leaves remaining right? But Zoho People is Showing 12 Days of Leave Balance Available If we check the Leave

        • Use the searchBy parameter to find user by email address

          I'm trying to find a user is Zoho Desk via the Api. In the documentation I see that there is the possibility to add a searchBy parameter in the request. But I can't find how the search values should be formatted. I've tried multiple things and get either

        • Zoho CRM Community Digest - September 2025 | Part 2

          Hello Everyone! Mid-September vibes: fresh tips, smart hacks, and practical Zoho CRM updates all in one place. Let’s dive in. Product Updates: The All-New Address Field! The new Address field type makes it easier to capture complete addresses in one structured

        • Next Page