An explanation of GDPR for Australian businesses
Here, the DVM Law team cut through the scare-mongering to explain exactly how Europe’s stringent new data privacy laws will affect businesses here in Australia.
There has been a lot of interest and concern in Australia about the applicability and impact of the European Union General Data Protection Regulation (the GDPR), which came into force on 25 May 2018.
As you delete that final email asking you (again) for your consent, you may be asking yourself what the introduction of the GDPR means for Australian businesses who may already be complying with their Australian privacy law obligations.
In this article, we provide a high-level, practical answer to this question.
This is a very well written article with a good, pragmatic approach to the current situation.
We’re an Australian-based company that has created a suite of tools to aid businesses and other website owners with compliance. The first is a compliance kit, which allows website owners to obtain granular consent for using tracking cookies, analytics tags and the like when a user first visits their site and, importantly, before any of the tags first fire. This kit also includes hosted forms for managing data rights requests, with a control panel for tracking progress. Furthermore, the kit provides additional information for your Privacy and/or Cookie Policy based on the tags you provide.
The second option is an EU Traffic Blocking tool, which detects visitor locations as soon as the page is accessed, and redirects EU visitors to a customisable ‘blocked access’ page in order to minimise your website compliance risk.
You can find out more at https://www.ezigdpr.com/
Article 30 paragraph 5 (I think), says businesses with fewer than 250 staff are exempt from record processing. What does this mean for small businesses?
Hi Brett, it’s a good question. The answer is basically, it doesn’t mean as much as we might hope. While you might get out of record-keeping, that’s only one obligation out of many under the GDPR – if the GDPR applied to you, it’s likely you’d still need to enable individuals to exercise their right to erasure, for example.
The <250 exception does not even apply if you process sensitive information (this is the "special categories") or if the processing is "not occasional", so it can be a difficult exception to rely on even for record-keeping.
Feel free to reach out to us at http://www.dvmlaw.com if we can assist you further.
How is it that EU Citizens have more data rights and protections in Australia than an Australian in Australia?
Everyone including our government seems to play fast and loose with our Australian data. Promiscuity with our private data seems almost encouraged by our Prime Minister who feels that because we had to have our picture taken to drive, then stretches that to say that we approved allowing our faces to be facially recognised. Our faces will now be kept in a database and processed by a third party overseas company, a risk to national security. All this overseen by a man who spent several years planning a third rate internet fit for 2008 in 2018.
What chance do we have of having our own equivalent of the GDPR here in Australia to give us our rights over our own personal IP?
Dear DVM Law team, what is the difference between a European resident and a citizen in terms of the GDPR? Would a dual citizen have rights under the GDPR here?
Hi
If an Australian-based company has a UK office with UK staff employed and deals with UK customers, is there anything which GDPR specifically states that you are not allowed to store any data relating to the UK-based customers and UK-based staff in Australia, i.e. Office 365, file servers in Australian data centers…?