May 25, 2018

Don’t Panic! 11 GDPR Myths Debunked

The General Data Protection Regulation takes effect on 25 May, with new fines of up to £17m or 4 per cent of your global turnover applying for breaches of personal data.

A lot has been said about this new regulation in the media, and there have been warnings that many businesses know very little or nothing at all about the GDPR.

For employers it has a significant bearing on your relationship with your staff, so what are the myths doing the rounds and the realities behind them?

Myth #1: I must have completed this formidable project by 25 May.

Reality: It’s just another day in the calendar. The Information Commissioner will not be breaking your door down on the 26th. Many of the provisions of GDPR are already contained in existing UK legislation. However, sensibly, you should still be preparing for GDPR.

Myth #2: GDPR doesn’t apply to us – we’re only a small business

Reality: If you gather personal data, GDPR applies – whatever your size. Record keeping obligations are more relaxed for those with less than 250 employees, but they still apply!

Myth #3: Brexit is just around the corner. This is European legislation and won’t apply then

Reality: The Government has made it clear that GDPR provisions will continue post-Brexit. A new Data Protection Bill is currently passing through Parliament (somewhat late!) to ensure this happens and will tie GDPR provisions into other UK legislation.

Myth #4: If I ignore GDPR it will go away

Reality: It won’t. And the financial penalties for ignoring it are very steep, to say nothing of the prospect of civil claims for compensation. The Information Commissioner will look more favourably on you in the event of an inadvertent breach if you’ve been making efforts to comply.

Myth #5: All my data is processed by third parties I contract with. I don’t need to do anything.

Reality: It’s true that third party processors have new responsibilities under GDPR. However, as data controller you are not relieved of your own responsibilities. Indeed, you also have additional responsibilities to ensure those you engage to process data operate in a GDPR-compliant way.

Myth #6: I will now have to ask all my staff for approval to use their personal data

Reality: If you are using Moorepay documentation this will be avoided. You will assert your right to their personal data, principally for three reasons:

  1. To fulfil your legal obligations
  2. In furtherance of their employment contract
  3. Because you have a legitimate interest in the data which is not over-ridden by their own fundamental rights and freedoms

Myth #7: I will have to delete everything the day people leave because they have the right to be forgotten

Reality: You should only retain data for as long as necessary to fulfil the purpose for which it was gathered. In some cases this may be a matter of a few weeks or months. However, in many circumstances it may be five or six years or even longer. In certain circumstances it can be forty years or even indefinitely.

Myth #8: Personal data is only what I’ve written down about staff

Reality: Personal data can be anything from which a living person can, directly or indirectly, be identified. It might be a photograph, CCTV footage, a tracker on their company car, or an electronic footprint such as their personal email address.

Download your FREE, essential GDPR Readiness Package

Myth #9: I have to disclose all data losses to the Information Commissioner and affected staff immediately

Reality: You only have to disclose a breach which has a potentially significant detrimental impact on the individual. Effectively, this is something which affects their rights or freedoms – for instance potential financial loss or inappropriate disclosure of personal confidential data.

Myth #10: GDPR is going to mean that everything my business does must now meet data processing principles and practices

Reality: GDPR is about the personal data of living individuals. It’s not about “business to business” data.

Myth #11: I can’t process “sensitive personal data” any longer because of GDPR

Reality: Actually, very little has changed from the existing UK provisions. In most circumstances you will be able to continue to process sensitive data in the way you do now.

How We Can Help

Moorepay customers with a HR contract will normally receive an annual review of their employment documents. Reviews from last November onwards have incorporated GDPR compliant wording and suitable letters to provide for staff. If you are a customer whose annual review is not yet due, please don’t panic! Your existing documentation is already broadly compliant for GDPR purposes, and we will amend it further when your review takes place.

We do appreciate the GDPR (including those financial penalties) can seem very scary. If you’d like further information or would like to discuss your GDPR position further please call the Advice Line on 0845 073 0270 (select option 2).

Share this article

About the author

Mike Fitzsimmons

About the author

Mike Fitzsimmons

Mike is a Senior HR Consultant within the Moorepay Policy Team. He is responsible for the developing of employment documentation and is an Employment law advisor. With over 30 years of senior management and HR experience, Mike has managed teams of between 30 and 100 employees and is familiar with all the issues that employing people brings. He has also served as a non-executive director on the Boards of several social enterprises and undertook a five year tour of duty as Executive Chair of a £30+ million annual turnover Government agency.

Related Posts

government furlough gender pay reporting
Gender Pay Gap Reporting 2021: Including Furloughed Employees

Required to submit a gender pay gap report next year? Furloughed some of your employees…

View Post
Are you prepared for the changes to off-payroll working (IR35) rules effective from April 2020?
Are You Prepared for the Changes to Off-Payroll Working (IR35) Rules Effective from April 2021?

The off-payroll working (IR35) rules in the private sector are changing on 6 April 2021.…

View Post
Health and Safety Annual Update With Statistics

Surprising statistics have come out during this year's annual update from the HSE. 5th November…

View Post

Making payroll & HR easy