There’s much conversation, and a little confusion, surrounding the GDPR, or the General Data Protection Regulation, so we thought we’d help you clear some of it up!

What are the key messages and what do I need to do?

The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018. Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.

The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:

- implement a privacy by design approach to compliance
- be able to demonstrate compliance with privacy principles and obligations
- adopt transparent information handling practices.

There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.

Australian businesses should determine whether they need to comply with the GDPR and, if so, take steps now to ensure their personal data handling practices comply with the GDPR before commencement.

Australian businesses that might be affected include:

- an Australian business with an office in the EU
- an Australian business whose website targets EU customers, for example by enabling them to order goods or services in a European language (other than English) or enabling payment in euros
- an Australian business whose website mentions customers or users in the EU
- an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.