General Data Protection Regulation
The General Data Protection Regulation (GDPR) promises the biggest shake-up of European privacy laws for 20 years.
Our Alliance Partner, Linklaters, has prepared a guide to the Regulation, containing answers to frequently asked questions, as well as checklists and everything else you need to get across this new regime.
Australian businesses covered by the Privacy Act 1988 (Cth) may need to comply with the GDPR if they:
- have an office in the EU (regardless of whether they process personal data in the EU); or
- do not have an establishment in the EU, but offer goods and services or monitor the behaviour of individuals in the EU, eg:
  - where a website enables EU customers to order goods and services in the language of a member state, or enables payment in euros; or
  - where a business tracks EU individuals online and uses data-processing techniques to profile those individuals and determine their preferences.
Australian organisations that are operating in the EU, processing personal data, offering goods and services to individuals or monitoring the behaviours of individuals in the EU will be affected and should review their privacy arrangements to ensure compliance with the GDPR. Fines for non-compliance are significant – up to €20 million or 4% of annual global turnover (whichever is higher).
We believe organisations that undertake a careful and structured approach to the governance and protection of their data can adjust to the new privacy and data landscape with confidence.
If you would like to learn more about the new privacy laws and the GDPR, and specifically how these may affect your organisation, please contact a member of the team.