The latest GDPR ‘myth-busting’ blog from the Information Commissioner’s Office (ICO) is upon us – so, let’s see what’s tackled in this edition.
With the General Data Protection Regulation (GDPR) set to come into law in May 2018, the ICO has been trying to dismantle some of the hearsay that has grown up around it.
In this week’s Myth-Bust-Blog, Information Commissioner Elizabeth Denham tackles no fewer than four misunderstandings, starting with: ‘All personal data breaches will need to be reported to the ICO.’
Not so, says the Commissioner: apparently, it’s only mandatory to report a breach if ‘it’s likely to result in a risk to people’s rights and freedoms’. If it isn’t, you don’t have to, so chill out.
Another of the ‘myths’ Denham takes a shot at is: ‘If you don’t report in time a fine will always be issued and the fines will be huge.’
A potentially terrifying prospect, indeed, but the ICO has long been at pains to explain that the GDPR is NOT about fining everybody every five minutes – it’s about protecting citizens’ private data. Furthermore, the Commissioner patiently writes that fines won’t just be generated automatically for every infringement – and they can be avoided completely if ‘organisations are open and honest and report without undue delay’.
Do have a read of the blog here as there are loads of interesting and important details to calm the nerves.