GDPR does NOT:
- prohibit a hairdresser from telling a customer what hair color they used on their hair
- prevent the fire department from telling a property management company whether there had been a fire in one of its properties
- ban or impede the sharing of medical or health data when needing to attend to an unconscious patient
It does require that organizations consider – in advance, at a policy level – how to carry on such data sharing practices while still ensuring personal data are adequately protected. In an effort to address misconceptions about the privacy regulation, the Irish Data Protection Commissioner has issued the first of a series busting GDPR myths.