5 Misconceptions about General Data Protection Regulation (GDPR)


How would you feel if someone monitored your online activities? What if someone acquired access to private information about you or your company?

With the recent explosive growth of online data, particularly personal data, the European Union Commission has enacted the General Data Protection Regulation (GDPR) to curb problems of user privacy. All companies, including SMEs, are required to abide by it. Users can now prevent companies from storing their personal information and/or using it for marketing purposes. Customer approval is necessary before companies can utilise their information.


General Data Protection Regulation has many advantages for users and businesses alike, including:

  1. Greater consumer confidence
  2. Improved data security
  3. Reduced data maintenance costs
  4. Increased alignment with evolving technology

To check whether your business is GDPR compliant, take this quiz! We also recommend viewing this GDPR checklist.

Some unintended misconceptions have arisen around GDPR which are a threat to its successful implementation:

  1. Companies operating within the EU can only be sued under GDPR
  2. Small businesses are exempted from GDPR
  3. GDPR will legally harm businesses
  4. Consent must be explicit
  5. GDPR will not be applicable in the UK after Brexit

1. Companies operating within the EU can only be sued under GDPR

This is a widespread misconception: many people believe that GDPR is only applicable to companies operating within the EU. In reality, GDPR applies to data of all European Union citizens, whether that data is being used by a company in Europe or anywhere else in the world. Therefore, information of all EU citizens is protected, irrespective of where the company operates.

2. Small Businesses are Exempted from GDPR

While some argue that small companies are not required to abide by these regulations, the opposite in fact is true. Hence, users can freely access any website (belonging to companies of all sizes) without having to worry about personal information being used without consent.

According to an excerpt from gdpr-info, “In order to ensure a consistent level of protection for natural persons throughout the Union and to prevent divergences hampering the free movement of personal data within the internal market, a regulation is necessary to provide legal certainty and transparency for economic operators, including micro, small and medium-sized enterprises” (Recital 13)

3. GDPR will Legally Harm Businesses


Businesses that are GDPR compliant do not have to worry. However, those that do not abide by GDPR are committing an offence and are open to legal action. Businesses that adhere to this regulation will benefit, because customers generally prefer companies that respect privacy.

4. Consent Must be Explicit

Another common misconception is that permission from users has to be stated explicitly. As long as a clear implied contract exists, no explicit consent is required, except in a few areas that require an open approval. Apart from these few categories (health, criminal records, race, etc.), all others may have an implied contract, so long as no doubt about consent exists.

“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement” (Recital 32)

5. GDPR Will Not be Applicable in the UK After Brexit


Many believe that once Brexit takes place, GDPR will not be applicable in the UK. Even though the UK may remain a member of the Union several months post-Brexit, both Houses have approved a bill effectively the same as GDPR, called the Data Protection Act, 2018. This Act emphasizes laws regarding processing of information relating to individuals, and will replace GDPR in the UK.


The General Data Protection Regulation (GDPR), a fundamental law passed by the European Parliament, has proven to be essential for both users and businesses. Users are clearly benefiting from this regulation since privacy concerns have been addressed. Companies are gaining from this as well since customers are more willing to visit websites that are GDPR compliant.

Advantages of GDPR include greater consumer confidence, improved data security, reduced data maintenance costs, and increased alignment with evolving technology. However, some common misconceptions are undermining the importance of this regulation and its effective implementation.

