The General Data Protection Regulation: A Myth-buster

Kate Pickering, Senior Associate, Fieldfisher; Phil Lee, Partner, Fieldfisher

Click the button below to download the full text of the article.


Abstract: The General Data Protection Regulation1 (GDPR) is an undeniably complex piece of legislation. Privacy professionals everywhere, the present authors included, have a lot to learn and — thankfully — there have been many excellent articles written on the topic. For the most part, these focus on the changes that the GDPR will bring about and, specifically, the compliance actions that organisations must take. By contrast, less has been said about what the new law will not require. This might sound unsurprising (why would anyone want to know about things they do not need to do?) but it is important to remember that, during the course of its adoption, the text of the GDPR changed many times. As a result, some provisions that were originally proposed were dropped from the final law (or otherwise changed beyond recognition), and this inevitably created a certain amount of confusion. Then throw in a sprinkling of occasional misreporting, together with a chain of misinterpretations, and suddenly knowing what the law does not require becomes almost as important as knowing what it does require. Below, this paper sets out — in no particular order — a few of the most common misconceptions regarding the GDPR.

Keywords: GDPR, data protection, regulation, compliance

Read this featured article now.
To read this article and receive further updates on Henry Stewart Publications content please register using the form below.