The Office of the Australian Information Commissioner has published new guidance for Australian businesses on the European Union’s General Data Protection Regulation (GDPR) requirements.
From 25 May 2018 Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.
The GDPR includes requirements that resemble those in the Privacy Act 1988, and additional measures that similarly aim to foster transparent information handling practices and business accountability around data handling.
In the lead-up to the commencement of the GDPR requirements, businesses should confirm whether they are covered by the GDPR, and if so, take steps to implement any necessary changes to ensure compliance.
> Read the guidance: Privacy business resource 21: Australian businesses and the EU General Data Protection Regulation
Migration Alliance member Jason Watt is a non-practising lawyer, registered migration agent and business consultant with some 10 years' experience in the legal industry. His background ranges from web development and hosting, to working as a chef, to litigation, tax, human rights, employment law, court services, international negotiation and more. Jason's opinions on the GDPR developments are as follows:
"A couple of quick points below.
Please note – from my reading of the GDPR, it includes those who are collecting data from people in the EU. That is: if your website collects data (general or otherwise), you are also subject to the GDPR. In addition, if your site is targeting the EU or otherwise advertising in the EU, you are required to have a cookie policy popup on your website.
As you will be aware, the GDPR also aligns closely with our obligations under the Australian Privacy Principles, and none of these actually conflict with the code of conduct – there is an exclusion for retaining data for a lawful purpose, even if the individual requests that we delete it.
Finally, as discussed initially, this does include securing information. Securing private information has been read by Australian companies to mean:
1/ Phone lines are not necessarily secure for the purposes of 'confidential' information like credit card details;
2/ Email is not secure for personal or private information such as dates of birth, copies of passports and other documents, etc.
In addition:
1/ Dropbox FREE is not secured the same way as Dropbox Business – both may potentially cause issues with privacy security;
2/ OneDrive FOR BUSINESS or above only – is secured with 256-bit AES security and data splitting to ensure privacy/security. AES is the highest possible standard – and it is what the military uses."