GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 



    • Recent Topics

    • Bulk update Profile Permissions

      Dears, What should we do if we add new forms or reports and need to update more than 20 permissions? Updating them one by one feels pretty harsh, doesn’t it?

    • Feature Request - Ability to Customise Contact Info Card on Ticket Details View

      Hi Desk Team, I've added a "Contact Priority" and "Account Prioirty" field and it would be very useful to agents if they could see that information in the Contact Info card on the Ticket Details view. It would be great if we could choose some fields to

    • Customizable UI components in pages | Theme builder

      Anyone know when these roadmap items are scheduled for release? They were originally scheduled for Q4 2025. https://www.zoho.com/creator/product-roadmap.html

    • Feature Requests - Contact Coloured Picklist Visibility & Field Visibility During Ticket Creation

      Hi Desk Team, I have 2 feature requests for you. Since Coloured Picklists are now available in Desk, It would be great if the colours were visible on the Related Details (Contact Information) when creating a ticket. In the screenshot below, I have 2 fields

    • Unify Overlapping Functionalities Across Zoho Products

      Hi Zoho One Team, We would like to raise a concern about the current overlap of core functionalities across various Zoho applications. While Zoho offers a rich suite of tools, many applications include similar or identical features—such as shift management,

    • Filter in fields from Jira extension

      We have installed the Jira extension so we can maken Jira issues from Zoho desk. In Zoho desk I can also see the Jira issue status for example but I can not filter on this field. I would like to setup an filter showing me the closed Jira issues. How can

    • text length in list report mobile/tablet

      Is there a way to make the full text of a text field appear in the list report on mobile and tablet? With custom layouts, the text is always truncated after a certain number of characters.

    • Zoho Creator customer portal limitation | Zoho One

      I'm asking you all for any feedback as to the logic or reasoning behind drastically limiting portal users when Zoho already meters based on number of records. I'm a single-seat, Zoho One Enterprise license holder. If my portal users are going to add records, wouldn't that increase revenue for Zoho as that is how Creator is monetized? Why limit my customer portal to only THREE external users when more users would equate to more records being entered into the database?!? (See help ticket reply below.)

    • Link Contacts to Billed Accounts

      Hello, I want to do a survey on all my customers of 2025. For that I want to select all contacts linked to accounts who where billed in 2025. How to I create this link to I can then use Zoho Survey with this database of contacts?

    • Export all of our manuals from Zoho Learn in one go

      Hi, I know there's a way to export manuals in Zoho Learn, but I want to export everything in one go so it won't take so long. I can't see a way to do this, can I get some assistance or is this a feature in the pipeline? Thanks, Hannah

    • Bring Zoho Shifts Capabilities into Zoho People Shift Module

      Hello Zoho People Product Team, After a deep review of the Zoho People Shift module and a direct comparison with Zoho Shifts, we would like to raise a feature request and serious concern regarding the current state of shift management in Zoho People.

    • Historical Sales Info - Blend with Finance Invoice Line Items, Access in CRM and Desk

      My company has been using Zoho One since 2021, with sales data going back through 2020. However, we have been in business much longer, and we have historical sales information that we want to have at our fingertips when talking with customers (usually

    • Is there API Doc for Zoho Survey?

      Hi everyone, Is there API doc for Zoho Survey? Currently evaluating a solution - use case to automate survey administration especially for internal use. But after a brief search, I couldn't find API doc for this. So I thought I should ask here. Than

    • Pre-Zoho Sales Info - Best Way to Add to Desk / CRM

      My company has been using Zoho One since 2021, with sales data going back through 2020. However, we have been in business much longer, and we have historical sales information that we want to have at our fingertips when talking with customers (usually

    • Shift-Centric View for Assigning and Managing Shifts in Zoho People

      Hello Zoho People Product Team, Greetings and hope you are doing well. This feature request is related to Zoho People - please don't move it to zoho one! We would like to submit a feature request regarding the shift assignment and management view in Zoho

    • CRM function REST API response format

      Is there a way to control the JSON response returned by the CRM function REST API? If I call a function using either OAuth or an API key it returns a 200 OK response with a string in the format shown below. I am using a particular feature of an external

    • Add Employee Availability Functionality to Zoho People Shift Module

      Hello Zoho People Product Team, Greetings and hope you are doing well. We would like to submit a feature request to enhance the Zoho People Shift module by adding employee availability management, similar to the functionality available in Zoho Shifts.

    • Using MPN across multiple SKUs and inventory tracking

      I have several different SKU's that share a common MPN and would like to track inventory by MPN. SKU1 has MPN1 assigned SKU2 has MPN1 assigned Here is an example If I start with 5 of MPN 1 in stock I want each SKU1 and SKU2 to show as 5 in stock, If I

    • Unable to Access Application:

      Whenever I try to access my application from the desktop, say I am editing it and want to test something in the desktop environment I get: An error has occurred. An internal error has occurred. Please check the URL , or try refreshing the page I can edit

    • PDF Annotation is here - Mark Up PDFs Your Way!

      Reviewing PDFs just got a whole lot easier. You can now annotate PDFs directly in Zoho Notebook. Highlight important sections, add text, insert images, apply watermarks, and mark up documents in detail without leaving your notes. No app switching. No

    • CRM gets location smart with the all new Map View: visualize records, locate records within any radius, and more

      Hello all, We've introduced a new way to work with location data in Zoho CRM: the Map View. Instead of scrolling through endless lists, your records now appear as pins on a map. Built on top of the all-new address field and powered by Mappls (MapMyIndia),

    • Cannot see Application from Lookup field

      Hi all, I am trying to access data for an application on our account via a lookup field; however, the application doesn't appear in the dropdown at all. Can anyone shed any light on this, please? I have asked Zoho support; however, they're just as confused,

    • Cannot see correct DNS config for mail after moving domain to another provider

      I have moved my domain from one provider to another and after that zoho mail stopped working (expected). Problem is, zoho mail admin panel still shows (10 hours after move) that all records are correct while I haven't changed anything in my domain DNS

    • Zoho CRM Meetings Module Issues

      We have a use-case that is very common in today's world, but won't work in Zoho CRM. We have an SDR (Sales Development Rep) who makes many calls per day to Leads and Contacts, and schedules meetings for our primary Sales Reps. He does this by logging

    • Zoho Books integration sync from Zoho CRM does not work

      Hi Zoho Community & Zoho Support We just tried to get a sync some products into Zoho Books from CRM using the native sync and we're getting an error: "It looks like some mandatory fields you're trying to map are empty. Please provide valid field names

    • P & L Sub-categorized accounts

      How can I show sub-categorized Income and Expense accounts on the P & L report?

    • Report showing Bill Details with Project and Sales Invoice Number

      Hi There, I am hoping that someone can help, I am looking for report that can show the bill and expense details along with project its as assigned to and the invoice number that the sales has been raised in. The goal is I can filter a customer/project

    • Advanced Payment for Inventory Items with serial numbers

      Hello, We sell equipment that we track the unique serial numbers on using Sales Orders. We can charge the customers an advanced payment, then the balance on delivery. We cannot figure out a way to do this in Books/Inventory: - Cannot part invoice a SO

    • Is it possible to restrict ZCRM user to see only custom views created by administrator

      I have segmented data in my CRM and I want to allow different users to be able to see only parts of it based on some criteria. I've tried to create and share a custom view, but then there is always an option for user to see all open lead for example.

    • Issues Logging into ZOHO

      Hello, one of my coworkers is having issues logging into ZOHO, she has requested a code when entering and the email is correct but she has not received the code. can you help us with this?

    • Google Fonts Integration in Pagesense Popup Editor

      Hello Zoho Pagesense Team, We hope you're doing well. We’d like to submit a feature request to enhance Zoho Pagesense’s popup editor with Google Fonts support. Current Limitation: Currently, Pagesense offers a limited set of default fonts. Google Fonts

    • Add Popup Rejection Metrics to Reports

      Hello Zoho PageSense Team, We would like to request improved reporting for popup interactions. Current Limitation: PageSense currently provides conversion data, but there is no clear visibility into: Popup rejections Popup closes (✕ button clicks) Dismissals

    • Ability to Reset / Reinitialize Popup Cookies

      Hello Zoho PageSense Team, We would like to request the ability to manually reset popup cookies. Current Limitation: At the moment, it is not possible to initiate a new popup cookie from the our side. Visitors who rejected or closed a popup will not see

    • Control Popup Cookie Expiration Duration

      Hello Zoho PageSense Team, We would like to request an enhancement related to popup cookie management. Current Limitation: Currently, PageSense popup cookies remain active for 365 days, and this duration cannot be modified by us. If a visitor closes or

    • Clone / Export Popup Design Across PageSense Projects

      Hello Zoho PageSense Team, We hope you’re doing well. We would like to request an enhancement that allows popup designs to be reused across different PageSense projects. Problem Statement: Currently, Zoho PageSense allows popups to be duplicated only

    • Are there settings for hyperlinks?

      Clicking a hyperlinked cell in Sheet creates this little pop-up with the actual hyperlink inside. Is it possible to have a 1-click link where if you click the cell it opens the link directly with no pop-up?

    • Automatically include all ticket attachments in the ticket resolution email

      Hello Zoho Community, We are implementing Zoho Desk in a real customer-facing production environment and have run into a limitation that is becoming a blocking requirement for our clients. The problem When a ticket is closed or resolved, Zoho Desk sends

    • adding several team members to an Opportunity

      How can we add several team members to one opportunity for collaboration? I have researched and only found something called Deal Team which I cannot find in my CRM to configure.

    • Finding text within a ticket: Expand All or Search this Ticket

      The auto-collapse feature within a ticket is nice for screen scrolling, however it makes it difficult to find text within the ticket if the email is collapsed. In fact you cannot find text if it is collapsed. I would like to propose a feature that allows

    • Books & Desk. Client mapping

      Hi, I’ve been using Zoho Books for several years and am now looking to improve my customer service. I'm experimenting with Zoho Desk and want to sync and map my client data from Zoho Books. However, it seems that mapping requires both contacts to have

    • Next Page