McGuireWoods London associate Alice O’Donovan explained the most common misconceptions about the European Union’s General Data Protection Regulation (GDPR) in an article written for Total Business Magazine.
“It is a complex piece of legislation with broad applicability and significant potential sanctions for noncompliance,” wrote O’Donovan, who advises multinational clients on GDPR compliance and other data privacy issues. “Myths and misconceptions have arisen about it as a result.”
For example, some businesses think GDPR does not apply to them because they “don’t use personal data” in their operations. But if they process personal data at all, O’Donovan noted, they must comply.
“Does your business have customers? Employees? Suppliers? If so, your business processes personal data. Virtually every business with an establishment in the EU is within the scope of GDPR — even if that’s just by virtue of having employees,” she wrote.