Myth: Consent is the only way to process data 


Consent is the most viable and perhaps only option when it comes to some aspects of collecting and using personal data but there are six other ways the GDPR allows for personal data to be processed.


Companies need to know what suppliers they’re working with, and where and how the data is shared and traded by those partners.


Companies should also look into whether they need to appoint a Data Protection Officer to assist with compliance.




Fact: The GDPR will come into force on May 25 2018. It will change how businesses and public sector organisations can handle the information of their customers. This is not something that can be delayed.  You will need to be compliant by this date.


Myth: Receiving a business card is consent to be placed on a marketing database.


Unless you can prove and show a consent statement at the time & date of the initial exchange, simply accepting a business card will not be enough to be considered consent.


Ideally you should set up an alternative way to capture opt-in data from meetings and events. This is a good way to make sure you’re making the most of your meetings.


Fact:  The GDPR extends liability beyond data controllers

In the past, only data controllers were considered responsible for data processing activities, but the GDPR extends liability to all organisations that touch personal data.