If you are anything like me, you may be a little annoyed about the volume of email you have received over the last few weeks from businesses updating their privacy policies. The sudden flurry of activity is due to changes to privacy and data collection which have just commenced in Europe and the ensuing ripple effect of a strengthening global on-line economy.
The long-awaited new EU data rules, known as the General Data Protection Regulation (GDPR), came into force on 25 May 2018. The GDPR imposes strict new rules on consumer data protection that businesses (including some in Australia) must adhere to.
The new regulation covers most forms of personal data, including basic identity information, through to biometric, health, genetic, racial or ethnic data, sexual orientation and political opinions, with an emphasis on the handling and storage of that information.
It is increasingly difficult to argue against the imposition of additional safeguards where we see the likes of Cambridge Analytica using the data of more than 87 million Facebook users without their consent, with suspected involvement in more than 200 elections around the world.
The worldwide impact of the GDPR is not to be understated and it is not just businesses based in the EU who will need to comply with the new rules.
Examples of Australian businesses that may be subject to the new rules include those:
Many of the provisions are similar to those found in the Privacy Act 1988 (Cth) (the Privacy Act). However, there are some differences and, with tighter requirements under the GDPR, compliance with the Privacy Act does not necessarily mean you will meet the requirements of the GDPR.
There are some notable differences between the Privacy Act and the GDPR, which include (to list a few):
The following similarities also apply:
Companies that fail to meet the requirements under the GDPR face potential fines up to €20,000,000 (approx. AU$30,948,549) or 4% of global turnover, whichever is the greater.
If businesses have a presence in the EU, they should consider taking the steps outlined in response to the GDPR:
We can assist if you have queries as to how the GDPR will impact your business, or if you wish to discuss issues in relation to privacy/data protection and compliance.
"The content of this publication is for reference purposes only. It is current at the date of publication. This content does not constitute legal advice and should not be relied upon as such. Legal advice about your specific circumstances should always be obtained before taking any action based on this publication."