The GDPR (General Data Privacy Regulation) passed in the European Union (EU) in May and is one of the most popular topics of discussion among businesses, whether or not they conduct business on an international level. Time and time again, businesses and even media publications have stated that GDPR isn’t important to them, simply because they’re either “not affected” or “not governed” by these regulations. Many hold the perception that GDPR only applies to those in the EU, or those who conduct business directly in the EU. There is a misconception that the GDPR does not apply to businesses that do not offer goods or services to EU consumers, or process EU personal data. However, in all these scenarios, the GDPR rules and regulations still apply.
Here are three of the most common misconceptions about GDPR and businesses:
My Organization Does Not Process EU Personal Data
One of the first misconceptions about GDPR results from an organization’s belief that it does not process personal data from the European Union. However, many people do not understand the full scope of the GDPR definition of personal data. The GDPR defines personal data as “anything that can directly or indirectly identify a natural person.” This covers any identifier, such as a name or identification number, location data, or any online identifier such as an IP address. Additionally, many fail to realize that processing, as defined by the GDPR, covers any set of operations performed on data. This includes collecting information on customers, as well as recording, altering, retrieving, consulting, using, erasing or destroying that information. Combine…