
The General Data Protection Regulation (GDPR) has changed the landscape of the internet. Considering how impactful the GDPR is, it’s rather surprising how little people actually know about it. Two years after the GDPR came into force, many people still hold misconceptions about the EU’s privacy regulation. This is why we thought it would be useful to put together an article on the subject. If this is something you want to learn more about, read on as we shed some light on the four most common GDPR myths.

The GDPR Is a Burden for Organisations

A lot of companies view the GDPR as an extra burden, an obstacle that will make it harder for data-driven companies to collect, process and use personal data. However, over the last year, many organisations have found to their surprise that the GDPR brings many opportunities for data-driven companies. For example, 92% of companies that took on GDPR compliance initiatives noticed a substantial rise in consumer interaction and trust.

Every Organisation Needs to Appoint a Data Protection Officer (DPO)

Organisations are encouraged to appoint a DPO, and Article 37 of the GDPR sets out which organisations must do so. Those required to have a DPO also need a budget that allows the DPO to perform his or her job successfully. Generally speaking, the requirement covers public authorities and public bodies, organisations whose activities involve the systematic monitoring of individuals, and organisations that process personal data. With that said, it is in your best interest to appoint a DPO even if your organisation isn’t required to have one, as it will help you protect your customers’ data.

Personal Data Breaches Only Occur to Big Organisations

Another common misconception is that only large multinational corporations, or businesses with more than 250 employees, are required to follow the GDPR, and that only large corporations suffer data breaches. However, since the GDPR came into force, tens of thousands of security incidents have been reported by businesses of all sizes across the EU and EEA.

The GDPR Is Solely About Data Subject Consent

Consent is one of the most well-known legal grounds for processing personal data, but there are more reasons for processing personal data under the GDPR. One of the goals of the regulation is to protect the rights of individuals, and ensuring control over personal data is one way it does that.

When collecting personal data, an organisation can justify its processing on any one of six legal grounds. Any of the six is sufficient on its own; no single ground is inherently better than another from a legal perspective. The GDPR highlights that organisations should choose the legal ground that is most appropriate to their situation.


We hope this article has helped further your understanding of the GDPR. As you can see, many people’s misgivings about the GDPR are quite unfounded. Be sure to keep all of this information in mind so you can best navigate this regulation as smoothly as possible. If you need a little more help with the GDPR, be sure to reach out to professionals.

Aspiring for GDPR compliance in Australia? Rabbon is a cybersecurity company that provides consultations and help for organisations that need to minimise their cyber risks. Contact us today!
