Information Management Security

If you’re an Australian business owner, marketer or you receive emails from international businesses, you will probably have heard of the General Data Protection Regulation or GDPR by now. GDPR is the European Union (EU)’s new data protection law that came into effect on May 25th, 2018. It is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU, so what relevance does it have for Australian companies?

Does the GDPR affect me?

The GDPR doesn’t just apply to European businesses, it applies to any business, anywhere in the world, that processes personal data relating to an individual in the EU. This personal data includes names, addresses, email addresses and IP addresses, as well as location data. If you’re an Australian business who processes clients or customers in the EU, the policy will apply to the work you undertake online.

According to the Office of the Australian Information Commissioner, Australian businesses of any size may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.

Obligations under the GDPR

Any Australian business that processes personal data of a customer or client in the EU will need to comply with GDPR principles, which include:

  1. Process the data in a manner that is lawful, fair and transparent
  2. Use the data for legitimate purpose
  3. Limit the use only to what is necessary
  4. Process the data in a way that maintains its accuracy
  5. Store the data for no longer than necessary
  6. Process the data in a secure fashion

These principles are similar to the Australian Privacy Act, however there are some differences. The GDPR does not exempt any businesses from compliance whereas the Privacy Act allows certain businesses, who have a revenue of less than $3 million, a small business exception. The GDPR also has higher penalties for breaching the principles than the Privacy Act.

Australian businesses need to stay updated with changes to the GDPR and ensure they remain compliant with the legislation to avoid serious penalties.

For more information on keeping your business information secure, speak to one of our dedicated Information Management consultants. We’ll audit your approach to security and recommend the best ways to keep your digital and physical information safe from breaches and compliance issues.