GDPR in Australia: Who, What and When?

GDPR for Australian Small Businesses

Is the GDPR relevant to your business?

As Australian businesses try to understand the new European data protection laws, it is important to understand who they are actually relevant to and what you need to do to ensure you are compliant.

Australian businesses should consider the following:

  • Do you operate a business that is established in a member state of the EU?
  • Does your Australian-based entity offer goods or services to individuals in the EU?
  • Does your Australian-based business monitor the behaviour of individuals in the EU?

If your Australian-based business has any sort of business in the EU, then you do need to ensure you are compliant with the new rules.

What is GDPR?

GDPR (General Data Protection Regulation) is a new piece of legislation introduced by the European Union on 25th May 2018. The regulation is aimed at giving European citizens more control over how companies use their private data. Under it, the definition of personal data has been expanded to include any information related to a person or data subject that can be used to directly or indirectly identify the person. In addition to the usual suspects (name, picture, email address, contact number), GDPR also includes an individual’s computer IP address and mobile device identity as identifiers, along with a wider range of identifiers, such as economic, cultural, mental and genetic factors, sexual orientation and so on.

The GDPR and the Australian Privacy Act 1988 share some common requirements including:

  • Implement a privacy by design approach to compliance
  • Be able to demonstrate compliance with privacy principles and obligations
  • Adopt transparent information handling practices.

However, there are differences, and Australian businesses may find that, whether the EU GDPR laws apply or not, it is a good time to clean up their data protection act and comply. Inevitably, Australian laws are likely to move in the same direction as the EU.

The Office of the Australian Information Commissioner has outlined a summary table articulating the key differences between the Australian Privacy Act and the EU GDPR.

This not only relates to what sort of data is collected but how it is managed and protected. It also relates to:

  • Accountability and governance which includes minimising the processing of personal data and transparency of the functions and processing.
  • Consent including a new definition of consent, which states that it must be freely given, specific and informed.
  • Mandatory data breach notification where any data breach must be notified to relevant authorities within 72 hours of the breach.
  • Privacy notices must be clearly identifiable, in simple language and easily accessible.

In short, there is quite a bit to do to ensure your customer data is protected and meets the new requirements. As CRM experts, Act Today have a clear understanding of the new requirements and can help your business ensure it is compliant.

End of Financial Year Special Offer

Take advantage of our special End of Financial Year offer giving you 5 hours of expert consulting for just $990*.

Purchase the ‘5 Hour Power Pack’ before 30th June 2018 and we will get in touch to organise a time to have your consultant come to you to help you clean up your act in terms of privacy, data collection and compliance.

The new GDPR obligations have already taken effect (as of the 28th May 2018) so now is a great time to get on top of your customer data protection responsibilities.

Find out more

*Offer valid between 12th June – 30th June 2018. Price shown is in Australian dollars and includes GST.

SPEAK TO AN ACT! SPECIALIST in Australia 1300 362 046
