In this post, we dispell some of the commonly heard GDPR myths. If you don't know about GDPR - read this first, then come back here.
Recently many business owners have spoken to us about GDPR, and quite frankly we've been amazed (but unsurprised) by some of the things we have heard. From salespeople saying they can make businesses compliant with a particular service/product or training offer through to downright scaremongering, lies and selling of unicorn solutions.
It's important to say at this point we're not a legal authority, but we do offer security and GDPR services (cheeky disclaimer and no GDPR myths found here) however we do want to dispel some of the myths you might have heard.
No single product or service can make you GDPR compliant!
GDPR is an ongoing commitment; much like cashflow forecasting or IT security. You will need to build (best practice) processes into your business and even change some of your current operations including the provision for continued testing or auditing.
We've seen companies selling Cyber Essentials and other well known (and respected) security certifications as a solution to GDPR. While such accreditation will undoubtedly help your business in the area of Cyber Security, and that alone does not address GDPR.
Lastly, there is no official GDPR Certified Training, while Data Protection Officer and Practitioner training exist there is no authorised or official training, no amount of training alone will make you GDPR compliant.
The Information Commissioner's Office (ICO) is a great place to start if you want to understand GDPR and how it will affect you and as we mentioned go and read our lengthy blog post about it - we know you didn't really read it.
In essence, GDPR is an enhanced approach being adopted across Europe that aims to better protect our personal information and how companies use said information. It's a combination of common sense, privacy by design and business process.