
Common GDPR Compliance Mistakes Companies Are Making

By Annie Button
April 5, 2019
in Compliance and Regulation, Digital Assets & Crypto, Industry Opinions

The General Data Protection Regulation (GDPR) has been in place since May 2018 – but there are still many businesses that are confused about issues surrounding compliance. Make sure that your business is not making any of the seven common GDPR mistakes listed below.

  1. Assuming that the size of business makes a difference

If you have a very small business, you might still assume that the GDPR does not apply to you. The answer to this is simple: any organisation that processes the personal data of EU citizens needs to be compliant with the GDPR.

  2. Allowing Brexit to confuse the issue

There are still some businesses that assume that if Brexit goes ahead as planned, UK businesses will no longer be required to follow EU laws, and therefore there is no need for them to spend time and money on becoming GDPR compliant. However, this is a serious mistake.

Firstly, even after Brexit, any company that continues to process the personal data of any EU citizen (so, if you sell to customers in the EU) will need to follow the GDPR. And, perhaps more crucially, the UK government has chosen to transpose the GDPR rules directly into UK law under the Data Protection Act, so Brexit will have no effect on the law.

  3. Failing to appoint an Article 27 representative

There are some things that many businesses don’t even realise are an essential part of being compliant with the GDPR. For example, if your business is not based within the EU then you are required under Article 27 to appoint a representative for your business which holds your EU-based data and can act as a point of contact for EU authorities.

It might seem like only a small issue, but failing to appoint an Article 27 representative can allow you to be punished under the first tier of administrative fines. This fine could be as high as €10 million or 2 per cent of global turnover.

  4. Thinking online data is the only issue

Yes, it is certainly true that businesses have had to make major improvements and upgrades to their cyber security as a part of becoming GDPR compliant. But this has led to something of a misconception that only the data that is stored on computers falls under the remit of the GDPR, and therefore this is the only thing you need to be concerned about.

The truth is that all personal data recorded or processed by an organisation is covered by the GDPR. This means that if you store data offline, you need to ensure that it is processed and managed in a way that is fully compliant.

  5. Forgetting about the personal data of staff

The GDPR covers the personal data of all EU citizens, and many businesses spend a lot of time changing over processes and systems in order to ensure that the personal information of their customers is stored and processed in a way that is in full compliance with the regulations as they stand.

However, when the GDPR talks about the data of all citizens – it really does mean all. Don’t forget about your internal systems for tracking and processing the data of staff. These also need to be in compliance with the GDPR.

  6. Leaving it to one department

There is a common problem where a business believes that compliance with the GDPR can be left to a single department – usually the IT department. While, of course, many of the key changes do need to be managed by the IT department, the GDPR affects many different areas of the business, and it is important that members of staff at all levels of the organisation take an active involvement.

All staff need to be provided with training in order to understand how the GDPR affects them and customers. Leaving the IT team to manage the GDPR will also overwhelm them.

  7. Using the regulation as a guide

As with the majority of regulations set down, the GDPR makes it clear what you must achieve – but it doesn’t provide you with a blueprint for how you are going to do it. Some companies are still making the mistake of focusing solely on the apparent requirements without thinking about how they apply to their business specifically. That’s why many organisations are choosing to work with GDPR specialists to ensure that they are in full compliance.

Tags: Compliance and Regulation, GDPR