GDPR: when is an expert not an expert? (When he’s a whopper)

GDPR: when is an expert not an expert? (When he’s a whopper)

I want to address an issue which is starting to worry me. I’ve noticed that an alarming number of people are setting themselves up as self-appointed GDPR experts. That’s nothing new in IT, or in the business community in general. Every time we are faced with a challenge within the business community, an alarming number of people feel that they must not only have an opinion on the subject, but be seen as the expert voice. That is worrying in itself, but it is even more worrying when some of the self-appointed experts clearly have an agenda, which generally involves selling you something which is going to solve all of your problems.

In the past month, I’ve heard some ‘whoppers’ from people who’ve spoken to experts or who have attended brief seminars run by organisations claiming to be able to deal with all GDPR related issues in a two-hour seminar.

(NOTE to the uninitiated) A “whopper” is someone or something which displays an almost astonishing degree of stupidity. An “absolute whopper” is someone who then follows their advice.

  • You don’t have to worry about GDPR if you are a business to business organisation. WHOPPER! The truth is that all businesses and most Government organisations are potentially affected by GDPR.
  • When GDPR takes effect, you will have to store all of your data in the country of origin. WHOPPER! Someone here was obviously trying to sell a backup device or storage. Good effort, if completely unethical and possibly verging into criminal behaviour...
  • Only data which includes a name and address counts as personal data. WHOPPER! Anything which identifies any living individual counts as personal data. This might include a telephone number or even an IP address.
  • My organisation is safe because we are GDPR certified. WHOPPER! You might be GDPR compliant, but GDPR certification doesn’t exist! Even if you are GDPR compliant right now, this is something you will need to regularly review… which means you need a GDPR review process.

I don’t claim to be an expert!  I’ve taken the time to read this stuff, do the research and, just as importantly, speak to the people who actually do understand the details of this issue. What I do claim to be is the representative of an IT company which will ALWAYS tell you the truth and will ALWAYS offer you advice and support which delivers what you need, rather than what we want to sell this month.


Peter Clee

Contact Active IT for honest and accurate advice

GDPR certified