Time to overcome denial

A few months after the General Data Protection Regulation became enforceable (25 May 2018), local supervisory authorities in Member States are buried in complaints about data protection violations.

In the first few months, such major legislative game changers as GDPR normally cause certain amount of stress and chaos throughout the world of business. However, the level of confusion triggered by the new Regulation exceeded all expectations.

Media focuses mostly on data security problems of giant, multimillion or even multibillion companies, unintentionally sending the wrong message: data protection should not bother small and medium-sized enterprises.

Our clients often contact us with “yes or no” questions, gravitating around the hope that their companies are not subject to the new data security rules:

  • Does GDPR apply for companies with less than 250 employees?
  • Our company is based in the US, should we do anything about the data we collect?
  • Isn’t GDPR there to regulate social media?
  • Our company does not sell anything online, so GDPR is not our concern. Right?

The greatest Myth of GDPR: the rules apply, regardless whether your business operates online or not

The last myth we intend to bust here is the one about the relevance of GDPR only for business activities carried out online.

Internet is the place where you usually get all these privacy notices, consent declarations and miles-long privacy policies. But company’s online activities are just a small percentage of the data processing activities, governed by GDPR.

Here is a simple example:

There are many businesses, involved strictly in B2B relations, having minimum online presence and zero interactions with individual customers /e.g. wholesale trade, export/transportation of goods etc./. But let’s not forget that such businesses interact with individuals internally – within the employment relations in the company, where the personal data of hundreds or even thousands of employees is being used, stored and transferred on daily basis.

GDPR compliance adjustments should happen in each and every business. Such adjustments are not always visible in a company’s online presence, but equally important and needed in all cases.

In the next article, we will tell you some more about how to take care of the employment relations in your company. Don’t forget to subscribe!


8 + 7 =