The GDPR has been introduced across Europe to counter some of the more insidious data collection and online surveillance techniques out there today. At a very basic level, the GDPR applies if you collect the personal data of any EU citizen. It includes a bunch of onerous provisions, and has severe penalties for breaches.
Just because a website may be accessible to the EU does not necessarily mean it will be forced to comply with the GDPR. At this point the legislation is active, but untested in a court of law. The important questions for you to consider right now are:
If your answer is YES to any of these, then your business is subject to the GDPR and, depending on the type of business you conduct, you may need to make changes to:
If your answer is NO, then keep reading!
The Privacy Act includes 13 Australian Privacy Principles. This link provides a quick reference outline of all 13 APPs. These APPs outline how certain organisations must handle, use and manage personal information.
The Australian Privacy Act does not apply to all organisations, and individual organisations must decide how the APPs apply to their own organisation. So make sure you do some research to see whether your organisation is included.
Consider this - due to the requirements of the GDPR, and the number of people in the world it applies to, there is now increased focus on data privacy, collection and management. With that in mind, it may be reasonable to assume:
- There will be changes in the way things are done going forward.
- It's not difficult to envisage a time when - above and beyond the legal requirements - businesses that demonstrate a commitment to data privacy may be preferenced over those that don't.
If you need assistance with determining your requirements or implementing new privacy policies or processes, please contact us.