Sunday 4 February 2018

Misconceptions about GDPR



Key points

Misconception #1: “Legitimate interest” allows marketing uses of personal data without user consent. While there is a “legitimate interest” exception in GDPR, it is always weighed against personal data rights. A company could, for instance, utilize data without consent under legitimate interest if it were under court order to do so, or if the data were needed to protect some vital interest like human rights, or if I needed your Social Security number after you’d already agreed to buy a car. But otherwise, consent is needed, and it’s not enough that a user has agreed to receive marketing info.

Misconception #2: Small businesses are exempt. There is no exclusion under current GDPR for businesses with only a few employees. “GDPR doesn’t care” about your firm’s size.

Misconception #3: Personal data is personal data, under GDPR. There is an important GDPR distinction between personal data that is “private data” and that which is “sensitive data.” Private data includes IP address, name or street address. Sensitive data includes religion, sex, union membership or level of education. There are differences between how the two types of personal data can be stored and what you can do with them. Sensitive data, for instance, cannot be used for making business decisions like approving a mortgage.

Misconception #4: GDPR only relates to data that has been provided by users. Nope. It applies to all data generated, collected or related to a user, whether or not they provided it.

Misconception #5: There is only one kind of user consent. Incorrect. As with the “cookie law” that preceded GDPR, sites and apps can obtain user consent to deploy a cookie or capture data that is not specific to an individual, with a notice to the effect of: “If you continue using this site, you grant permission for us to deploy a cookie that shows which pages you viewed, so that we can send you a follow-up ad.” Unless matched with other data, this kind of cookie deployment and data capture only identifies, say, those users who looked at a page showing blue sneakers. But if that data — possibly matched with other data sets — can identify an individual, then “click here” explicit consent for stated uses is required. The required consent differs, depending on whether the data is granular enough to identify you.

See more:
https://martechtoday.com/9-misconceptions-gdpr-210436?utm_src=ml&utm_medium=textlink&utm_campaign=mlxpost

TimHJRogers

+447797762051 Skype: timhjrogers TimHJRogers@gmail.com
