The General Data Protection Regulation, better known as GDPR, was introduced to protect the privacy of the individuals who maintain the databases and the internet users and organizations who use them. The regulation was created to ensure that websites are safe from unauthorized use. This could include anything from data being compromised by hackers to the use of the stolen information to fulfill their evil schemes.
Like other laws, the GDPR is subject to myths and misconceptions that lead people to believe what is not true. Likewise, its legal statements can be so convoluted that they often get misinterpreted, which leads to misconstrued ideas about its intended purpose.
So if you’re a website owner or blogger and you need more clarification about the complexity of GDPR, we are here to help you.
Read on as we bust some of the ridiculous GDPR myths that most people believe and set the record straight, so you can ensure your website or blog is GDPR compliant.
Myth 1: Non-EU Websites Don’t Require Cookie Consent

Fact: The General Data Protection Regulation clearly states that all organizations that provide goods and services to internet users, regardless of whether they are located within the EEA and EU or in other countries, must comply with this regulation. The location of the company or organization doesn’t matter, as any website that receives traffic and collects personal data from users must comply with the GDPR policy.
Moreover, if your website is catering to EU residents, is getting traffic from EU countries, has clients or subscribers from EU countries, and is using Google Analytics, then it would be best that you comply to avoid facing harsh penalties. Read this post if you want to know if the GDPR applies to US citizens.
Myth 2: If A Website Visitor Declines All Cookies, They Won’t Be Allowed To Access The Website
Fact: The simple answer is NO, as denying access and full services to an internet user is prohibited by law. The reason behind this myth is cookie walls, where a website displays a popup banner that restricts user access unless they click the “accept all cookies” button.
The use of ‘tracking walls’ is in violation of the GDPR policy, as any user must be allowed full access to a website and its services, and that access should not be conditional.
Myth 3: GDPR Prohibits Websites And Blogs From Calling Or Sending Marketing Emails To Customers
Fact: Getting the user’s consent is a way to be GDPR compliant, and you can rely on other internet regulations to get consent from your internet users and guests. The fact of the matter is that you are still allowed to send marketing emails or call your customers as long as you comply with the following procedures:
- Opt-in and pre-selected check boxes don’t count as valid user consent.
- Internet users can easily withdraw their consent anytime they want.
- Your GDPR statement must be clear and concise and should be written in plain language so it can be easily understood.
Myth 4: Small Businesses Are Exempted From The GDPR Policy
Fact: No organization is exempted from GDPR, even if the business only has a few employees. To be specific, small and medium enterprises are now required to pay a registration fee of £40 (US$55.33) or more while larger organizations are required to pay more.
Myth 5: All Companies Must Appoint A DPO (Data Protection Officer)
Fact: According to GDPR guidelines, Data Protection Officers are only required for:
- Public authorities
- Organizations that deal with large-scale systematic monitoring.
- Organizations that deal with sensitive personal data processing on a large scale.
If your business doesn’t fall in any of these categories, then you’re not required to appoint a DPO (though assigning one is recommended to ensure good practice).
Myth 6: Cookie Notice Affects Our User Experience
Fact: Yes, it’s true that cookie banners can be a hassle, and seeing them pop up on your screen while visiting a website can be quite frustrating. But they are not completely useless, because they protect your personal data from being used by others who want to send endless targeted advertisements. Aside from that, they keep you informed about what third-party sites will do after collecting your personal information.
If spending a few more seconds reading the cookie banner is all it takes to protect your personal data from being exploited by others, then it’s all worth it.
Myth 7: Cookie Banners Affect Your Website’s SEO (Search Engine Optimization)
Fact: Cookie banners do not affect a website’s SEO in any way. They just have to be properly implemented to avoid having intrusive interstitials. But in any case, Google does not consider this as a factor in ranking your website. So there’s no reason those cookie banners will affect your site’s search performance in a negative way.
Myth 8: GDPR Guidelines Just Came Out Of The Blue
Fact: GDPR has been under implementation since 2016. It’s just that most organizations didn’t really pay attention to it until the deadline was looming. Hence, it appeared as if it was executed on short notice.
Myth 9: It’s About Users Freely Giving Their Information Without Letting The Website Send Them Follow-Up Offers
Fact: Data protection and GDPR were drafted to educate users about their personal rights and introduce a culture where everybody on the internet will respect these rights. It’s about how you communicate with your customers, readers, and guests; knowing the type of information collected; how the information is collected; how the information is handled, stored, and transferred; how the information is used; and how the user can revoke their consent at any time.
Moreover, it’s about letting the user give consent, rather than assuming you already have their consent. And through this practice, your website builds a good relationship with your customers.
Myth 10: It’s Impossible To Comply With The GDPR For US-Based Website Owners
Fact: Although it may not be easy, complying with GDPR guidelines is not that complicated, especially if your website is getting traffic from EU countries and has EU customers and/or subscribers. You simply need to follow these steps to be GDPR compliant:
- Audit and document the personal data of your customers.
- Review and document for data processing.
- Review the privacy notices and revise wherever necessary.
- Get compliant consent and make sure your consent is explicit moving forward.
- Safeguard users’ data and keep records of all consent.
Visit Metaverse Law’s website today to learn more about the GDPR law and its applications.