25 May 2018 was the date the EU’s General Data Protection Regulation (GDPR) went into effect. As of April, a Crowd Research report found that 60% of companies expected to miss the deadline. And nearly half said they were not knowledgeable enough about GDPR specifics. What about your company?
These key messages were included in the Office of the Australian Information Commissioner’s Privacy business resource 21 as of March:
- The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018.
- Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
- There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.
- Australian businesses should determine whether they need to comply with the GDPR and if so, take steps now to ensure their personal data handling practices comply with the GDPR before commencement.
- The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:
  - implement a privacy by design approach to compliance
  - be able to demonstrate compliance with privacy principles and obligations
  - adopt transparent information handling practices.
As an Australian business, how do you know if you are required to be compliant? If you do business (online or with physical presence), gather data, or monitor behaviour of those in the EU, your company’s data processes are required to be GDPR compliant.
It’s important to understand that the GDPR applies to the data gathering practices of businesses of ANY size. It also applies whether or not the business is charging for goods or services. In other words, a free survey you send to a list in the EU falls under GDPR compliance requirements.
At Blutone Technologies, we’ve been working with clients to determine whether or not they are required to be GDPR-compliant – and, if they are, to make sure their systems are meeting all regulations. If you are wondering what to do about GDPR, give us a call and get the expert guidance you need.