Soon the European Union General Data Protection Regulation (GDPR) will come into effect. Every business it applies to will need to be compliant by 25 May 2018. GDPR compliance in Australia will affect many, if not most, businesses in ways they do not expect.
What is GDPR? In short, GDPR gives individuals in the EU more control over how any organisation or business collects, uses and stores their personal data.
These new laws are trying to address the use and abuse of individuals' personal data to market businesses' products and services. GDPR compliance in Australia will become a prominent issue in the coming months, and the penalties are steep for those who do not comply.
In particular, IT giants like Amazon, Google and Facebook have been harvesting this information actively and quite easily for the past 4-5 years. Now the European Union is giving people the right to know how their data may be used. The latest Facebook debacle has highlighted why the European Union (and many Australian businesses as a consequence) are about to encounter the new GDPR laws.
Which businesses need GDPR compliance in Australia?
– All EU based businesses
– Businesses with an office, agent or representative in the EU
– If your business offers goods or services to individuals in the EU (free or paid)
– Collecting personal data of individuals who reside in the EU (for example, a form on your website that collects contact details for marketing purposes)
– If your website uses an EU country top-level domain (e.g. .fr) or quotes prices in the currency of an EU Member State (these are treated as indicators that you are offering goods or services to people in the EU)
If you have more extensive engagement with the EU, I recommend becoming familiar with the European data protection concepts of data controller (the party that decides why and how personal data is processed) and data processor (a party that processes it on the controller's behalf), and having a professional prepare your legal documents. It may be necessary to undertake a privacy and information audit of your business, and I recommend consulting a professional if your business has substantial trading with any EU Member State.
These are the steps I recommend you take:
2. Set up all opt-in data collection forms on your website with a checkbox that records an explicit declaration of consent. The box must be unticked by default: a pre-ticked box or silence does not count as consent under the GDPR.
– https://privacypolicies.com/ Be careful: this one says free, but it is only free for personal use. Commercial use is $27, and there is an option to also create a terms of service for an additional small cost.
– https://wordpress.org/plugins/oik-privacy-policy/ This one costs about $150
– https://www.iubenda.com/en This site charges about $30 per year to keep the policy updated each year.
Penalties for breaching the GDPR are split into two categories:
• the maximum penalty for lower severity obligations is €10,000,000 (approx. AUD$15.3m) or 2% of the business’ worldwide annual turnover for the preceding financial year – whichever is greater; and
• the maximum penalty for higher severity obligations is €20,000,000 (approx. AUD$30.6m) or 4% of the business’ worldwide annual turnover for the preceding financial year – whichever is greater.
GDPR compliance in Australia is serious business and my final advice is to take the safe route and get compliant quickly. If you need help to do this feel free to call and I will provide you with a quote.
Please note: this article does not constitute legal advice. Consult a professional if you need legal advice.
If you like this article then you may be interested in the Country of Origin Labelling regulations that will be enforceable from 1 July 2018 – yes, that's only a matter of weeks away too!