"Journal of Payments Strategy and Systems provides a host of useful, actionable and informative articles and papers that demonstrate the extraordinary opportunities for improving the payments systems. These are written by subject matter experts: corporate practitioners; consultants; bankers; vendors and scholars. The variety of the topics and the points of view make this a must read, even for those who think they know all there is to know about payments."
The General Data Protection Regulation: A Myth-buster
Click the button below to download the full text of the article.
Abstract: The General Data Protection Regulation1 (GDPR) is an undeniably complex piece of legislation. Privacy professionals everywhere, the present authors included, have a lot to learn and — thankfully — there have been many excellent articles written on the topic. For the most part, these focus on the changes that the GDPR will bring about and, specifically, the compliance actions that organisations must take. By contrast, less has been said about what the new law will not require. This might sound unsurprising (why would anyone want to know about things they do not need to do?) but it is important to remember that, during the course of its adoption, the text of the GDPR changed many times. As a result, some provisions that were originally proposed were dropped from the final law (or otherwise changed beyond recognition), and this inevitably created a certain amount of confusion. Then throw in a sprinkling of occasional misreporting, together with a chain of misinterpretations, and suddenly knowing what the law does not require becomes almost as important as knowing what it does require. Below, this paper sets out — in no particular order — a few of the most common misconceptions regarding the GDPR.
Keywords: GDPR, data protection, regulation, compliance