GDPR Mythbuster Month – Part 2

It’s our favorite spooky time of the year and you know what that means! It’s time to bust some GDPR myths!

You can also follow the series on our Instagram


Myth #1 GDPR won’t apply to the UK because of Brexit


The GDPR is designed to regulate how organisations process and control the personal data of EU citizens, regardless of where they are located. Moreover the UK has a law in place (Data Protection Act) which basically covers everything the GDPR does. The relationship between the UK and the European Union after the Brexit is still uncertain. Various models of cooperation have been highlighted such as the Norwegian, Swiss or Turkish models. Only the Norwegian model, which implies that the UK would remain a member of the European Economic Area would allow free flow of data between the European Union and the UK. Unless such an agreement is reached, the UK will become a “third country” under the GDPR.

Myth #2 When relying on consent to process personal data, consent must be explicit

The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent,meaning it must be unambiguous. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.  Explicit consent is required only for processing sensitive personal data – in this context, nothing short of “opt-in” will suffice. But for non-sensitive data, “unambiguous” consent will do.

Myth #3 Biometric data is sensitive data under the GDPR

You can be forgiven for thinking this. Biometric data can be sensitive data under the GDPR – but only if used for the purpose of “uniquely identifying” someone (Art. 9(1)). A bunch of photographs uploaded onto a cloud service would not be considered sensitive data, for example, unless used for identification purposes – think, for instance, of airport security barriers that recognize you from your passport photograph.

Myth #4 Individuals have an absolute right to be forgotten

he GDPR refers to the ‘right to be forgotten’ as the ‘right of erasure’ (Art. 17).  However, unlike the right to opt-out of direct marketing, it’s not an absolute right, it only arises in quite a narrow set of circumstances notably where the controller has no legal ground for processing the information. Organizations may continue to process data if the data remains necessary for the purposes for which it was originally collected, and the organization still has a legal ground for processing the data under Art. 6.

Myth #5 Every business will be subject to new data portability rules 

Data portability requirements are mandated only when processing is based on consent or contractual necessity (Art 20(1)). It does not apply when, for example, processing is based on legitimate interests. This is an important strategic point for businesses to consider when deciding upon the lawful grounds on which they will process personal data.



MetaCompliancefieldfisher / Lexoo / EUGDPR

1,715 thoughts on “GDPR Mythbuster Month – Part 2

  1. Wiley Verfaillie says:

    In this grand scheme of things you actually secure a B+ for hard work. Where exactly you lost everybody was on all the particulars. You know, people say, the devil is in the details… And that couldn’t be much more accurate right here. Having said that, permit me inform you precisely what did give good results. The article (parts of it) is definitely very convincing and that is possibly why I am making an effort to comment. I do not really make it a regular habit of doing that. 2nd, despite the fact that I can see a leaps in reasoning you come up with, I am not really certain of how you seem to connect the details that help to make your final result. For now I shall yield to your position but trust in the future you actually link the dots much better.

  2. stock market crash today says:

    Woah! I’m really enjoying the template/theme of this blog. It’s simple, yet effective. A lot of times it’s hard to get that “perfect balance” between usability and appearance. I must say you have done a awesome job with this. Additionally, the blog loads very fast for me on Internet explorer. Excellent Blog!

  3. Rich and poor says:

    Hi, just required you to know I he added your site to my Google bookmarks due to your layout. But seriously, I believe your internet site has 1 in the freshest theme I??ve came across. It extremely helps make reading your blog significantly easier.

  4. cialis usa says:

    short drama [url=http://cialislet.com/#]cialis.com[/url] ahead driver deliberately branch overall cheap
    cialis without prescription especially judgment [url=http://cialissom.com/#]cheap cialis online[/url] anywhere patient honest reading away buying cialis online uk
    already minor http://cialissom.com/