Is Your Business Compliant with the New GDPR Regulations?
Almost every business in Australia has some form of digital element these days and is connected through virtual means to customers. This transition away from traditional forms of commerce has been relatively swift and has been significantly enhanced by advances in technology. However, this change has not been without its challenges, and in recent times there has been considerable focus on data privacy due to high-profile events in the US and beyond. Recently, new laws have been enacted in Europe which (while they may seem to be very far away) definitely affect Australian businesses. If you're not aware of these implications, what do you need to know right now?
Tough New Laws
The European Union has enacted what is colloquially known as GDPR, which stands for "General Data Protection Regulation." This type of law is not necessarily new, and as you probably know there are existing laws across Australia, but this specific raft of regulations is wide-reaching and especially punitive.
Applies to You?
Even though your business may not be based in an EU member country, if you collect or have access to data that belongs to EU citizens, the GDPR definitely applies to you. In fact, you are meant to be fully compliant with this law before the end of May 2018 and should work hard to ensure compliance as soon as possible.
Punitive
Certainly, the Australian Privacy Act is in place to protect the information of individuals, but it does not apply to businesses until they've reached a certain threshold. This is not the case with the GDPR, which applies to every business regardless of its revenue, and huge penalties can be levied by the EU for non-compliance.
Implications
You must come up with a means of communicating with everyone who is affected by this legislation, and you need to ensure that you have their permission to collect and store their data. You need to inform them exactly what type of data you are collecting and the reason for doing so, and you must give them the opportunity to request that you delete this information if it is not relevant or simply if they want you to. Great care must be taken to ensure that the data you hold cannot be accessed by third parties without your knowledge or otherwise used "illegally."
What to Do
If you are not sure about your position or feel that you need a lot more information about these new laws, get in touch with your commercial lawyer as soon as possible.