GDPR. What the? A quick guide for Australian businesses
If you are anything like us, you’ve been waking up (craving coffee) every day to countless emails from brands and organisations about changes to their user agreements and privacy policies. We won’t lie to you. We haven’t paid too much attention to most of those emails, because ain’t nobody got time for that. But we should have. After all, if eBay, Facebook, Instagram, Billboard, ASOS, TechCrunch and every other brand we’ve subscribed to are saying the same thing, then surely it’s something important, right? Right.
So, what’s all the fuss about? It’s all related to the European Union’s General Data Protection Regulation, commonly known by its acronym, GDPR. The EU GDPR, what the? With so much information online (over 16.5 million Google results) and more content being produced every hour, it can be overwhelming trying to work out what this really means for Perth and Australian businesses. We’re about as far from Europe as we can get, so should we just ignore the emails and hope they stop? Nope. Take 5 minutes to get a quick, simplified, 12 point breakdown of what it is and how the GDPR can affect Australian businesses.
1. What Is the GDPR?
The General Data Protection Regulation is an EU law intended to give individuals in the European Union control over their personal data: what is collected about them, what it is used for and who it is shared with. It also aims to level the playing field by making every organisation that handles EU personal data follow the same set of rules, wherever that organisation is based.
2. So What is Personal Data?
According to the European Commission, personal data is any information that relates to an identified or identifiable living individual. That covers a name, an email address, a selfie on Instagram, health information, a computer’s IP address and anything in between. Note that information which could identify someone when combined with other data (a customer ID, a device identifier, a location trail) still counts.
3. Effective Date
The EU GDPR applies from the 25th of May 2018, a little over two years after it was formally adopted on the 14th of April 2016. It replaces the 1995 Data Protection Directive (Directive 95/46/EC), which each EU country had implemented through its own national law; the GDPR is a single regulation that applies directly across the EU.
4. Who Does the GDPR Apply To?
To everyone involved in handling personal data of people in the EU: data controllers, data processors and the data subjects themselves. A data controller is the entity that decides why and how personal data is processed (for example, a retailer deciding to keep customer purchase histories). A data processor is a business or individual that processes personal data on a controller’s behalf (for example, a hosting provider or email marketing platform). Data subjects are the individuals in the EU whose data is being processed; despite what a lot of the emails say, the regulation protects people who are in the EU, not just EU citizens. More information about controllers and processors is available from the European Commission.
5. So The GDPR Only Applies to the EU?
No, it doesn’t. The GDPR also applies to organisations based outside the EU if they have an establishment or business operation in the EU, or if they offer goods or services to people in the EU, or if they monitor the behaviour of people in the EU (which includes tracking visitors to a website). In other words, what matters is where the people whose data you hold are located, not where your business is.
6. How Does this Impact my Small Perth Business?
If you’re an owner or employee of a small Perth business that doesn’t sell to any EU customers and doesn’t collect or hold any personal data from anyone within the European Union, then you’ve got nothing to worry about. As you were. One caveat before you relax completely: if your website tracks its visitors (analytics, marketing cookies, newsletter sign-ups) and some of those visitors are in the EU, you are collecting EU personal data, so check what your site is actually gathering before you decide the GDPR isn’t your problem.
7. How Does this Impact my Bigger-Sized Perth Business?
8. What is Needed to Comply with the GDPR?
The GDPR focuses on accountability and governance, consent, mandatory data breach notifications, privacy notices, expanded rights for individuals in the EU and more. Compliance with the GDPR has many facets that vary depending on how the business is handling personal data. There are many methods and technologies involved, so we’re just going to list a few of the more common compliance measures.
- Only relying on consent when it is freely given, specific, informed and an unambiguous indication of the data subject’s wishes. Pre-ticked boxes and silence don’t count, and consent must be as easy to withdraw as it was to give.
- Notifying the relevant supervisory authority of a personal data breach within 72 hours of becoming aware of it (unless the breach is unlikely to pose a risk to the people affected), and telling those people directly when the risk to them is high.
- Deleting a person’s data when they ask you to, in the circumstances the regulation sets out (the “right to erasure”, often called the right to be forgotten).
- Using privacy notices that are more transparent, accessible and understandable: plain language, and a clear statement of what you collect, why, how long you keep it and who you share it with.
For most small businesses the basics are manageable. The real effort is in knowing what personal data you hold, where it lives, why you have it and who can access it, because every one of the measures above depends on that inventory.
9. What Happens if I Don’t Comply?
The supervisory authorities in each EU country have a ladder of corrective powers. A business that falls short can be warned, then formally reprimanded, then ordered to bring its processing into line, and if the non-compliance continues its data processing can be restricted or banned outright. At that point, no business should still be failing to comply. And then there are the fines, which are huge: up to €20 million or 4% of global annual turnover for the most serious breaches, whichever is higher (a lower tier of €10 million or 2% applies to lesser ones).
10. Is Australia Going to Adopt the GDPR?
Australia won’t adopt the GDPR itself, given it’s the EU’s regulation. Australia already has its own rules in the Privacy Act 1988 and the Notifiable Data Breaches scheme that started in February 2018, and several GDPR ideas (breach notification, clearer privacy notices) already overlap with them. It seems very likely that Australian privacy law will move closer to the GDPR over time.
11. What Are the Big Big Businesses Doing in Response to the GDPR?
Willingly or not, they’re complying, because they’ve no other option. Furthermore, some businesses such as Mailchimp are taking a proactive approach and doing more than just complying. In the case of the marketing and EDM giant, Mailchimp has released a variety of tools, such as GDPR-friendly consent forms, to help the businesses that use its platform comply with the GDPR. Details of Mailchimp’s GDPR tools are available on its website.
12. Where Can I Get More Information About the GDPR?
Everywhere. One Google search will provide you with more information than you’ll ever need. To save you some stressful times, here is a list of some of the most valuable GDPR resources out there:
- The Asia Pacific Privacy Authorities (APPA): http://www.appaforum.org/resources/guidance/appa-gdpr-general-information-document.html
- The European Commission: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
- The Office of the Australian Information Commissioner (OAIC), on Australian businesses and the GDPR: https://www.oaic.gov.au/resources/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation.pdf
If you have any questions or concerns regarding the GDPR please don’t hesitate to contact Start Digital. We’re here to help.