What is GDPR and what does it mean for Australian businesses?
The General Data Protection Regulation (GDPR) is an EU regulation designed to protect the personal data of individuals in the European Union. At first, you might not think that this will have any effect on Australian businesses, but in light of the Facebook debacle and other instances of national and international data breaches, you would be wrong.
The GDPR applies from 25 May 2018, and any business that falls within its scope and does not comply faces heavy fines, so it pays to be up-to-date with the GDPR.
What is a data breach under the GDPR?
Under the GDPR, a personal data breach is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. It is not limited to an outside attacker stealing data: a lost laptop, an email sent to the wrong recipient or a misconfigured server that exposes records all count. Under the GDPR, a business suffering a data breach must notify the appropriate supervisory authority within 72 hours of becoming aware of it (unless the breach is unlikely to result in a risk to the affected individuals) and, where the breach is likely to result in a high risk to those individuals, inform them without undue delay.
Which Australian businesses are impacted?
Just because the GDPR is aimed at protecting individuals in the EU, that doesn’t mean Australian businesses have nothing to worry about. Far from it, because the GDPR applies to any business that processes the personal data of individuals in the EU, regardless of where that business is located. It doesn’t matter that your business is based in Australia and not the EU, you still have to comply with both the Australian and now the EU privacy laws.
Those who need to comply with the GDPR are Australian businesses that have an establishment in the EU, offer goods or services to individuals in the EU (whether or not payment is required) or monitor the behaviour of individuals in the EU, for example through website tracking or profiling.
What do Aussie businesses have to do to comply?
Just as the GDPR affects businesses that collect data of individuals in the EU, the Australian Privacy Act does a similar job in Australia, applying to businesses that collect personal information about individuals in Australia. If you are already compliant with the Australian Privacy Act, you are well on your way to being compliant with the GDPR, but there are a few additional steps you need to take.
The notable differences between these two pieces of legislation pertain to certain rights of the individual. Notably, the GDPR includes the ‘right to be forgotten’ (the right to erasure), which allows an individual to have their personal data deleted on request in certain circumstances. The Australian Privacy Act gives individuals rights to access and correct their personal information but has no equivalent right to erasure, so all businesses that collect data from individuals in the EU will need to be aware of these additional requirements.
Another difference is that the GDPR applies to all businesses within its scope regardless of size, whilst the Australian Privacy Act only pertains to certain businesses (most notably, small businesses with an annual turnover under AU$3 million are generally exempt). This means that even if you don’t need to comply with the Australian Privacy Act due to the size or type of your business, you may still have to comply with the GDPR. This might seem like a lot of work, but your customers will appreciate your efforts in protecting their data, particularly when you are not legally obliged to do so under Australian legislation.
You can find out more specific information about how to comply with the GDPR on the Office of the Australian Information Commissioner’s website.
What happens if a company doesn’t comply with the GDPR?
The Australian Privacy Act provides for civil penalties for serious or repeated interferences with privacy, but the GDPR’s penalties for non-compliance are far larger. These include administrative fines of up to €20 million or 4% of the company’s total worldwide annual turnover for the preceding financial year, whichever is greater.
This new legislation means that any business that offers goods or services to, or monitors, people in the EU must ensure that it is compliant with the GDPR from 25 May 2018. The fines apply to non-compliance generally, not only to data breaches, so a business that suffers a breach and is then found to have been non-compliant faces severe financial consequences.
Many businesses find that complying with both the Australian and European Privacy Laws is made much easier with an up-to-date, secure and fully encrypted website. If you think that this might be the case for your business, call us on (02) 8211 0668 or email us at [email protected] for a robust discussion on the topic.
Co-founder of Cornerstone and marketing junkie, Michael knows just how to diagnose your online problems and remedy the issue. An online enthusiast who believes in technology as an enabler of growth, Michael worries about all the details so you don't have to.