Martech: Martech is Marketing Logo
  • Topics
    • Customer & Digital Experience
    • Digital Transformation
    • Data
    • Marketing Management
    • Marketing Operations
    • Performance Marketing
    • Special Reports
    • All Topics
  • Conference
  • Webinars
  • Intelligence Reports
  • White Papers
  • What is MarTech

Processing...Please wait.

MarTech » Marketing Operations » Here are 9 misconceptions about GDPR

Here are 9 misconceptions about GDPR

Small businesses are exempt. US-only companies are not at risk. ‘Legitimate interest’ allows marketing without consent. And other myths.

Barry Levine on February 2, 2018 at 11:53 am | Reading time: 4 minutes

The upcoming General Data Protection Regulation (GDPR) is confusing enough without having to be weighed down by misconceptions.

So, here is a list of the top misconceptions about GDPR, according to two experts: Gary Southwell, VP/general manager of the cybersecurity division of security firm CSPi, and Kristina Podnar, a digital policy consultant (who also consults for us, Third Door Media).

Misconception #1: ‘Legitimate interest‘ allows marketing uses of personal data without user consent. While there is a “legitimate interest” exception in GDPR, it is always weighed against personal data rights. Podnar said a company could, for instance, utilize data without consent under legitimate interest if it were under court order to do so, or if the data were needed to protect some vital interest like human rights, or if I needed your Social Security number after you’d already agreed to buy a car. But otherwise, consent is needed, and it’s not enough that a user has agreed to receive marketing info.

Misconception #2: Small businesses are exempt. There is no exclusion under current GDPR for businesses with only a few employees. “GDPR doesn’t care” about your firm’s size, Podnar told me.

Misconception #3: When GDPR begins implementation on May 25, there will be massive data auditing. Podnar said she expects “a narrow group of companies are probably on the prime target list,” but they’re not smaller companies. “If I had to bet,” she said, “what will trigger [GDPR] audits will be data breaches, or if your company cannot comply with user requests like ‘right to be forgotten.'”

Misconception #4: If your company is outside the US and doesn’t have business with European Union countries, it is not affected. Both Southwell and Podnar point out that GDPR applies to EU citizens’ data, wherever it may reside. Podnar noted that it’s not always possible to definitively determine where an EU citizen is physically at any one time.

Misconception #5: Personal data is personal data, under GDPR. Podnar noted there is an important GDPR distinction between personal data that is “private data” and that which is “sensitive data.” Private data includes IP address, name or street address. Sensitive data includes religion, sex, union membership or level of education. There are differences between how the two types of personal data can be stored and what you can do with them. Sensitive data, for instance, cannot be used for making business decisions like approving a mortgage.

Misconception #6: Companies that are not in the EU cannot be sued under GDPR. Wrong, Southwell says. The law applies to EU citizens’ data, wherever it resides, and he noted that two Italian citizens could file the equivalent of a class action suit in Italy against a Florida company if that company misused their personal data.

Misconception #7: GDPR only relates to data that has been provided by users. Nope. It applies to all data generated, collected or related to a user, whether or not they provided it.

Misconception #8: There is only one kind of user consent. Incorrect. As with the “cookie law” that preceded GDPR, sites and apps can obtain user consent to deploy a cookie or capture data that is not specific to an individual, with a notice to the effect of: “If you continue using this site, you grant permission for us to deploy a cookie that shows which pages you viewed, so that we can send you a follow-up ad.” Unless matched with other data, this kind of cookie deployment and data capture only identifies, say, those users that looked at a page showing blue sneakers. But if that data — possibly matched with other data sets — can identify an individual, then “click here” explicit consent for stated uses is required. The required consent differs, depending on whether the granularity can identify you.

Misconception #9: The data privacy movement behind GDPR is limited to Europe. Southwell points out that GDPR-like regulations are now also being considered in Asia — notably Japan and Singapore — as well as Australia. And, he noted, almost all US states have laws governing involuntary data exposure, and at least three — California, New York and Massachusetts — are exploring the possibility of implementing more stringent consumer data privacy laws.


New on MarTech

    TransUnion partners with Canvas Worldwide to boost omnichannel CX
    A new way to find the tech talent you need 
    The only two things that matter in marketing
    How marketers are preparing for the future of in-game ads
    How CDPs transform donor experience for a nonprofit organization

About The Author

Barry Levine
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Related Topics

Marketing Operations

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS The MarTech Conference logo.

September 28-29, 2022: Fall

Start Training Now: Master Classes

Start Discovering Now: Spring



The SMX Conference logo.

Start Training Now:: SMX Advanced

November 14-15, 2022: SMX Next

March 8-9, 2022: Master Classes

Webinars

Tracking Growth From Organic Search

Beyond the Buzzword: Transform Digitally to Drive Organic & SEO Growth

Leap or Linger: Determining Which Ad Platforms to Test for Your B2B Brand

See More Webinars
Intelligence Reports

Enterprise Marketing Performance Management Platforms: A Marketer’s Guide

Enterprise Customer Journey Orchestration Platforms: A Marketer’s Guide

Enterprise Account-Based Marketing Platforms: A Marketer’s Guide

See More Intelligence Reports
Featured White Paper

The CMO’s Formula To 3x Your Digital Marketing Campaign Results

See More Whitepapers
Search Our Site

Receive daily marketing news & analysis.

Processing...Please wait.

Topics

  • Transformation
  • Operations
  • Data
  • Experience
  • Performance
  • Management
  • All Topics
  • Home

Our Events

  • MarTech
  • Search Marketing Expo - SMX

About

  • What is MarTech
  • Contact
  • Privacy
  • Terms Of Use
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2022 Third Door Media, Inc. All rights reserved.