GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 



    • Recent Topics

    • Email Notifications not pushing through

      Hi, Notifications from CRM are not reaching my users as they trigger.  We have several workflow triggers set up that send emails to staff as well as the notifications users get when a task is created for them or a user is tagged in the notes.  For the past 6 days these haven't been coming through in real time, instead users are receiving 30-40 notifications in one push several hours later.  This is beginning to impact our daily usage of CRM and is having a negative effect on our productivity because

    • Ticket layout based on field or contact

      Hi! I want to support the following use-case: we are delivering custom IT solutions to different accounts we have, thus our ticket layouts, fields and languages (priority, status field values should be Hungarian) will be different. How should I setup

    • Add specific field value to URL

      Hi Everyone. I have the following code which is set to run from a subform when the user selects a value from a lookup field "Plant_Key" the URL opens a report but i want the report to be filtered on the matching field/value. so in the report there is

    • Syncing Bills in Zoho Books to Zoho CRM

      Is there any way to sync the Bills in Zoho Books in Zoho CRM

    • Desk DMARC forwarding failure for some senders

      I am not receiving important emails into Desk, because of DMARC errors. Here's what's happening: 1. email is sent from customer e.g. john@doe.com, to my email address, e.g info@acme.com 2. email is delivered successfully to info@acme.com (a shared inbox

    • SAML in Zoho One vs Zoho Accounts

      What is the difference between setting up SAML in Zoho Accounts: https://help.zoho.com/portal/en/kb/accounts/manage-your-organization/saml/articles/configure-saml-in-zoho-accounts ... vs SAML in Zoho One?: https://help.zoho.com/portal/en/kb/one/admin-guide/custom-authentication/setting-up-custom-authentication-with-popular-idps/articles/zohoone-customauthentication-azure

    • How do I change the order of fields in the new Task screen?

      I have gone into the Task module layout, and moving the fields around does not seem to move them in the Create Task screen. Screenshot below. I have a field (Description) that we want to use frequently, but it is inconveniently placed within the More

    • Zoho Inventory. Preventing Negative Stock in Sales Orders – Best Practices?

      Dear Zoho Inventory Community, We’re a small business using Zoho Inventory with a team of sales managers. Unfortunately, some employees occasionally overlook stock levels during order processing, leading to negative inventory issues. Is there a way to

    • CRM gets location smart with the all new Map View: visualize records, locate records within any radius, and more

      Hello all, We've introduced a new way to work with location data in Zoho CRM: the Map View. Instead of scrolling through endless lists, your records now appear as pins on a map. Built on top of the all-new address field and powered by Mappls (MapMyIndia),

    • Deactivated Zoho One account can sign in

      I am concerned by the fact that deactivated users in Zoho One have the ability to sign in even after their account has been deactivated (not deleted). these inactive identities have no access to individual Zoho apps or data. based on my experience they

    • How can I reset the password for a user in Zoho Projects

      We need to reset the password for a user in Zoho Projects. I am the admin portal owner and there was nothing to be found to do this. very confusing.

    • No funcionan correctamente el calculo de las horas laborales para informe de tickets

      Hola, estoy intentando sacar estadísticas de tiempo de primera respuesta y resolución en horario laboral de mis tickets, pero el calculo de horas en horario laboral no funciona correctamente cree los horarios con los feriados : Ajusté los acuerdos de

    • How can I add a comment to an existing ticket via API?

      I need to add comments/notes to the history of an existing ticket using the API without overwriting the original ticket description. Thanks!

    • Notification to customers when I use a Zoho function

      Hi all, I tried searching the community but couldn't find anything about it. I noticed that the customer receives the notification of reopening the old ticket but does not receive the notification of opening a new ticket when I use the function: "separate

    • Internal Error When Accessing Team Inbox.

      All our users are seeing this error in teaminbox. Because its a critical tool kindly resolve this issue ASAP.

    • Marketer's Space: Proven tips to improve open rates – Part III

      Hello Marketers! Welcome back to another post in Marketer's Space! This is the final post in the "open rate series". In the first and second parts, we discussed topics ranging from sender domains to pre-headers—but we're not done yet. A few more important

    • MCP no longer works with Claude

      Anyone else notice Zoho MCP no longer works with Claude? I'm unable to turn this on in the claude chat. When I try to toggle it on, it just does nothing at all. I've tried in incognito, new browsers, etc. - nothing seems to work.

    • Change Number Field to Decimal Field

      Hi, It would be nice to be able to change the field type without having to delete it and create a new one, messing up the database and history. Thanks Dan

    • Allow Text within a Formula

      Hi, I would like to be able to use this for others things like taking an existing Date Field and copying its value, so by entering getDay(Date)&"-"&getMonth(Date)&"-"&getYear(Date) it results in 01-02-2026. And then when the Date is changed so is this

    • Zoho Social - Feature Request - Reviewer Role

      Hi Social Team, I've come across this with a couple of clients, where they need a role which can review and comment on posts but who has no access to create content. This is a kind of reviewer role. They just need to be able to see what content is scheduled

    • Zoho Books/Inventory - Update Marketplace Sales Order via API

      Hi everyone, Does anyone know if there is a way to update Sales Orders created from a marketplace intigration (Shopify in this case) via API? I'm trying to cover a scenario where an order is changed on the Shopify end and the changes must be reflected

    • Zoho Inventory / Finance Suite - Add feature to prevent duplicate values in Item Unit field

      I've noticed that a client has 2 values the same in the Unit field on edit/create Items. This surprised me as why would you have 2 units with the same name. Please consider adding a feature which prevents this as it seems to serve no purpose.

    • Zoho CRM for Everyone's NextGen UI Gets an Upgrade

      Hello Everyone We've made improvements to Zoho CRM for Everyone's Nextgen UI. These changes are the result of valuable feedback from you where we’ve focused on improving usability, providing wider screen space, and making navigation smoother so everything

    • Kaizen #224 - Quote-driven Deal Reconciliation Using Zoho CRM Functions and Automation

      Hello everyone! Welcome back to another instalment in the Kaizen series. This post covers quote-driven deal reconciliation, emphasizing Functions and Automation to address practical sales challenges. Business Challenge Sales organizations often mark deals

    • Dependent / Dynamic DropDown in ZohoSheets

      Has anyone figured out a way to create a Dropdown, the values of which is dependent on Values entered in the other cell ?

    • Zoho Inventory - Composite Items - Assembly - Single Line Item Quantity of One

      Hi Zoho Inventory Team, Please consider relaxing the system rules which prevent an assembly items from consisting of a single line item and outputting a quantity of 1. A client I'm currently working with sells cosmetics and offers testers of their products

    • Directly Edit, Filter, and Sort Subforms on the Details Page

      Hello everyone, As you know, subforms allow you to associate multiple line items with a single record, greatly enhancing your data organization. For example, a sales order subform neatly lists all products, their quantities, amounts, and other relevant

    • BARCODE PICKLIST

      Hello! Does anyone know how the Picklist module works? I tried scanning the barcode using the UPC and EAN codes I added to the item, but it doesn’t work. Which barcode format does this module use for scanning?

    • Zoho Inventory - Allow Update of Marketplace Generated Sales Orders via API

      Hi Inventory Team, I was recently asked by a client to create an automation which updated a Zoho Inventory Sales Order if a Shopify Order was updated. I have created the script but I found that the request is blocked as the Sales Order was generated by

    • How do I create an update to the Cost Price from landed costs?

      Hi fellow Zoho Inventory battlers, I am new to Zoho inventory and was completely baffled to find that the cost price of products does not update when a new purchase order is received. The cost price is just made up numbers I start with when the product

    • Manage control over Microsoft Office 365 integrations with profile-based sync permissions

      Greetings all, Previously, all users in Zoho CRM had access to enable Microsoft integrations (Calendar, Contacts, and Tasks) in their accounts, regardless of their profile type. Users with administrator profiles can now manage profile-based permissions

    • Zoho OAuth Connector Deprecation and Its Impact on Zoho Desk

      Hello everyone, Zoho believes in continuously refining its integrations to uphold the highest standards of security, reliability, and compliance. As part of this ongoing improvement, the Zoho OAuth default connector will be deprecated for all Zoho services

    • VoC in Zoho CRM is now data savvy: Explore response drilldown, summary components and participation in CRM criteria

      VoC has all the goods when it comes to customer intelligence—which is why we're constantly enhancing it. We recently added the following: A customer drilldown component that shows you the list of prospects and customers behind a chart's attribute Expanded

    • How do I bulk archive my projects in ZOHO projects

      Hi, I want to archive 50 Projects in one go. Can you please help me out , How can I do this? Thanks kapil

    • Error 0x800CCC0F Outlook

      Hello, i cannot send or receive email in outlook. can you please help. 'Sending' reported error (0x800CCC0F) : 'The connection to the server was interrupted. If this problem continues, contact your server administrator or Internet service provider (ISP).'

    • Passing the CRM

      Hi, I am hoping someone can help. I have a zoho form that has a CRM lookup field. I was hoping to send this to my publicly to clients via a text message and the form then attaches the signed form back to the custom module. This work absolutely fine when

    • Can I add Conditional merge tags on my Templates?

      Hi I was wondering if I can use Conditional Mail Merge tags inside my Email templates/Quotes etc within the CRM? In spanish and in our business we use gender and academic degree salutations , ie: Dr., Dra., Sr., Srta., so the beginning of an email / letter

    • Zoho vault instal on windows

      I am trying to use Zoho Vault Desktop for Windows, but I am unable to complete the sign-in process. Problem description After logging in to my Zoho account and clicking Accept on the authorization page, nothing happens. The application does not proceed

    • Zoho Browser??

      hai guys, this sounds awkward but can v get a ZOHO BROWSER same as zoho writer, etc. where i can browse websites @ home and continue browsing the same websites @ my office, as v have the option in Firefox, once i save and close the browser and again when i open it i will be getting the same sites. If u people r not clear with my explanation, plz let me know. Thanks, Sandeep  

    • Let’s Talk Recruit: LinkedIn Cheatsheet

      Welcome to the first edition of Let’s Talk Recruit for 2026. We are kicking off the year by revisiting one of the most asked about topics in Zoho Recruit. How our LinkedIn integrations actually work and how recruiters can get the most value from them.

    • Next Page