Revealed: the ‘dirty dozen’ of GDPR fake news stories

EU buildingBrand owners are being warned over a seemingly inexorable rise of GDPR “fake news”, with a leading compliance company detailing what it describes as a “dirty dozen” of the most frequent pieces of misinformation being circulated.
In a blog post, technology and compliance lawyer Jonathan Armstrong of Nexis Lexis-owned Cordery Compliance, claims the situation is getting worse. He writes: “More and more of our time is being taken up by calls from our clients after their CFO or another member of the leadership team has attended an event or read a vendor paper.
“In the worst cases, the team is told that their budget has been withdrawn/reduced because GDPR or some aspects of it ‘just don’t apply to them’.  The reality we’ve seen is that in every case it does. ” He goes on to detail the firm’s “dirty dozen” cases of fake news:
– GDPR is enforced by a new Brussels-based data police force
– GDPR only applies to personally identifiable information (PII)
– Fines are based on 4% of profit (not turnover)
– GDPR is all very new
– The new data rights (like data portability and the right to erasure/right to be forgotten) just won’t be used
– Data processors have no liability
– Organisations outside of the EU have no liability
– GDPR looks good but won’t be enforced
– GDPR doesn’t apply to financial services
– GDPR doesn’t apply to the health sector
– GDPR won’t apply because of Brexit
– GDPR brings in just one set of laws for the whole of Europe – the law will now be exactly the same across the EU
The company is now launching a campaign to highlight other aspects of GDPR fake news on Twitter under #GDPRfakenews.
Armstrong adds: “Some of the GDPR fake news comes from old articles. for example the fine levels have changed from the 2012 draft to the final version.  But there are no excuses for some of the other alternative facts which are either misinformed, or just wishful thinking.
“The danger of GDPR fake news is it just reduces readiness. It is not responsible to speak at an event and tell people to forget about GDPR because Brexit means it will not apply in the UK.  There is not a shred of evidence for this and that pronouncement from the ‘expert’ speaker might mean 70 or 80 organisations fail to prepare.
“I’ve had the same at an event last year where someone told a large audience that GDPR didn’t apply to financial services and was pretty shirty when I argued it did.  The ‘evidence’ it seems was that he had spoken to a junior lawyer at a bank at a breakfast event who had said so.  Was that enough evidence to tell 150 people in a room that they could stop getting ready?”

Related stories
Firms face bombardment of data requests under GDPR
Insurance firms face deleting ‘two-thirds of their data’
GDPR compensation to dwarf £30bn bill for PPI claims
Half of all firms still not compliant with 1998 data laws
Data compensation claims ‘could run into millions’
Major ICO recruitment drive to prevent GDPR meltdown
GDPR fears mount over delay to ICO consent guidance
ICO insists GDPR guidance will cover legitimate interest
John Lewis and HSBC slam ‘ambiguous’ GDPR guidance
Lack of GDPR guidance fuels fears over bombardment

Print Friendly