GDPR in Australia – is Your Business Compliant?

The European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR’) came into effect on 25 May 2018.  Whilst Europe is over 14,000km from Australia’s sandy shores, its data protection laws are only a click away.

Is this relevant to my business?

If you are wondering why an EU regulation is causing such a fuss in Australia, the first key thing to know about the GDPR is that it applies to Australian organisations of any size that either:

  1. have an establishment or presence in the EU, or
  2. do not have a physical presence in the EU, but
    a)  offer goods and services to European-based individuals, or
    b)  monitor the behaviour of European-based individuals.

Since a failure to comply with the terms of the GDPR may result in fines of €20 million or 4% of annual turnover (whichever is higher), it is critical that Australian organisations are prepared and protected.

What is the GDPR?

The GDPR is the biggest overhaul of data protection laws in Europe since the introduction of the European Union Data Protection Directive in 1995.  The new laws seek to protect individuals’ privacy and personal data by regulating the way that organisations collect, store and protect the personal information (‘personal data’) of European-based individuals.  This includes customers, employees and suppliers (‘data subjects’).

For instance, organisations may collect personal data from data subjects only for ‘specified, explicit and legitimate purposes’.  In addition, organisations must obtain explicit and informed consent from the data subject prior to processing their data.

The GDPR also dictates how organisations must prepare for, respond to and report a data breach.  Organisations must appoint a ‘Data Protection Officer’ to internally regulate the way personal data is processed by the organisation.  They must also conduct a Data Protection Impact Assessment, outlining the potential ways that personal data stored by the organisation could be compromised, as well as how the organisation would respond to such a breach.

If a breach occurs, the organisation must report the breach to the relevant supervisory authority, and in certain circumstances also notify the individuals whose data has been compromised.  This is similar to the new mandatory data breach notification regime that was introduced in Australia in February 2018.

The GDPR also grants data subjects certain rights over their personal data, such as:

  1. The right to access and review the personal data that is held by a company relating to the individual;
  2. The right to object to their personal data being processed;
  3. The right to data portability;
  4. The right to complain or query how companies process their personal data;
  5. The right to object to automated decision making using personal data; and
  6. The right to have personal data forgotten by the company.

How does the GDPR affect Australian Companies?

While the GDPR shares some common elements with Australian laws under the Privacy Act 1988, there are many elements of the GDPR that do not have an Australian equivalent.  To make sure that they are protected, Australian organisations should take steps to determine whether their businesses are required to comply with the GDPR and if so, ensure they are familiar with the various obligations and additional rights granted under the GDPR.

If your company is not already GDPR-compliant, it is crucial that you immediately review your internal and external policies and procedures as well as any and all data collection procedures.  The potential fines of €20 million or 4% of annual turnover (whichever is higher) are too great to ignore, and it is yet to be seen just how strictly the EU will enforce the new laws.

If you would like to receive our regular legal Updates, please subscribe here.  If you require advice as to exactly how your company can ensure GDPR compliance, please do not hesitate to contact our Privacy and Data Protection team.

© 2024 Coleman Greig Lawyers  |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230