Understand how you can comply with Australian privacy laws.
The European Union General Data Protection Regulation (the GDPR) sets out data protection requirements that took effect on 25 May 2018. The purpose of the GDPR is to give businesses a solid legal framework for collecting and using data online, and to ensure customers can be confident that online services protect their privacy.
The GDPR as well as Australian NDB laws pertain to data breaches in which personal information is accessed or disclosed without the authorisation of the affected individuals. Per the Privacy Act 1988, these breaches must be disclosed when the personal information involved is likely to cause serious harm. Often this data is obtained by hackers or through a ransomware attack. Such a breach compromises personal information such as phone numbers, bank account information or medical records. Australian NDB laws outline the specific notification process that must be followed, as well as the thresholds and exceptions that determine when these disclosures apply. Private sector companies, government agencies, and healthcare providers can all be required to conform to these laws. We are happy to advise you if you are uncertain whether they apply in your case or how you should handle necessary disclosures.
If your operation is covered by the Australian Privacy Act 1988, you may need to comply with the GDPR if you own an establishment in the European Union or offer goods and services that monitor the behaviours of people who live in the EU.
More specifically, the GDPR applies to any data processing activities your business conducts, regardless of the size of your operation, if you process or control data with an establishment located in the EU. For example, your business may need to comply with the GDPR if you are:
- An Australian business that has an office in the EU
- An Australian business whose website targets customers in the EU
- An Australian business whose website mentions users located in the EU
- An Australian business that tracks people in the EU online, using data processing techniques to profile these individuals and analyse their personal preferences, attitudes and behaviours
The GDPR only applies to personal data, that is, any information that relates to an identified person. Additional protections apply when processing special categories of data, which include personal data that reveals political opinions, ethnic origins, religious or philosophical beliefs, etc.
Do you want to make sure your data supply chain complies with the GDPR? Contact us today at SouthEast IT for additional information about these regulations and how we can help you appropriately collect and analyse data.