We’ve already discussed data and privacy laws in Australia, but keep reading for practical GDPR solutions for Australian businesses and how to start your GDPR Australia checklist. Before we start, let’s have a quick overview of what GDPR actually is.
In May 2018, the European Union General Data Protection Regulation (GDPR) came into force.
A set of strict new privacy laws, it’s primarily concerned with how personal data is collected, used, retained and eliminated. In simple terms, GDPR protects the entire lifecycle of personal data.
Many local businesses are left scratching their heads as to how GDPR affects Australia.
What should they be looking out for on a GDPR checklist?
GDPR is similar in many ways to Australia’s Privacy Act from the late 80s—although the latter refers to ‘personal information’ rather than data, and does not extend to cover the full data lifecycle.
Because of these refinements, GDPR is considered the most extensive of privacy laws worldwide, and GDPR compliance might not be the walk in the park you were expecting.
It’s important to note that even if your business is not directly involved with EU customers, the change could significantly impact how you operate.
We’ve gone through some of the things that you can do right now to ensure your business ticks the GDPR compliance box. Now let’s talk GDPR solutions.
Consider the Data Lifecycle
We mentioned that GDPR is concerned with the entire lifecycle of data, and that may well be where your business fits in.
It might be that you don’t collect data from European customers, but that you do deal with this information somewhere along the line due to your business relationships.
Perhaps it’s a service provider or supplier.
All in all, the press that GDPR is getting means that EU customers are getting savvier. Many will actively look into your service providers to make sure they’re GDPR compliant.
If they see anything that doesn’t fit the bill, they may start looking elsewhere for a business that has met their needs and delivered GDPR solutions.
Review Your Contracts
To become GDPR compliant, you’ll need to charge headfirst into updating your contracts to ensure that you don’t get caught out.
Rethink all your terms and conditions to make sure GDPR compliance is upheld, and do an audit of all of your contracts that deal with personal information.
Considering developments in digital information over the past two decades, this list could be extensive.
Think of your CRM, data analytics, and cloud-based systems as starting points. Take extra care to incorporate Articles 28 and 46 of GDPR.
Seek Legal Advice if Needed
If you deal directly with EU customers, meaning you sell goods or services to customers within the EU and collect their personal information, then GDPR will directly apply to you.
Unfortunately, GDPR is not straightforward and the requirements for compliance with the privacy laws are complicated.
Start by seeking legal advice in regard to how your business can comply with the new EU law.
Understand the Similarities and Differences
GDPR can be seen as building upon existing Australian privacy laws. It’s about protecting customers’ data, maintaining a high standard of transparency, minimising cross-purpose data sharing, and increasing overall security.
One of the key differences is the distinction between ‘controllers’ (who decide why information is collected and processed), and ‘processors’ (who only access information from the controller).
If you fall into the latter category, you’ll still be responsible for ensuring that you process information lawfully. This could be anything from gaining explicit consent to entering into a contractual obligation.
Anticipate the Next Step
Things are about to get even trickier, and unfortunately, Australian businesses get the rough end of the stick.
Our privacy laws haven’t been deemed adequate by the EU, which means that GDPR recommends EU businesses take extra precautions when dealing with us.
Expect to see this manifest in the form of longer terms or extra steps in the process to ensure full GDPR compliance in Australia.
Customers will now have expanded rights, such as the right to erase data. They’ll also often be protected by a Data Protection Officer.
In addition, further data breaches must be reported in a more timely manner.
Make the Change, Now
Although it has only been enforced since May, GDPR was adopted by the EU years ago.
It means that the ‘I didn’t know’ excuse won’t fly, and the repercussions are already being felt by data giants.
Facebook, Google, and a suite of others have already been pursued, with the maximum possible fines in the multi-billions.
While your business might not be in the same league, it’s worthwhile to do your research on how GDPR affects Australia, particularly for those implementing targeted advertising.
GDPR compliance in Australia may be confusing, but get it right from the start and you won’t have to worry about it.
How To Create GDPR Solutions
Create your own GDPR Australia checklist as it applies to your business.
Do a full audit of the personal information that you currently access. Was it collected lawfully? Do the people it concerns know about it and why you’re using it? Did they agree to it? Do you still need it?
Once you’ve cleared out the old, you can begin to tweak your processes to ensure that your data collection, usage, storage and deletion are fully aligned with GDPR.
You should approach your GDPR solutions from the perspective of optimising your business, rather than seeing it as another obstacle to tackle.
By complying, you’ll be creating a better experience for your customers and building better, more transparent relationships with your suppliers and contractors.