What the new EU data protection laws will mean for Australia’s media and marketing industry

In six months time, on the 25th May 2018, the EU will undergo the greatest change in decades to its data protection laws when the EU General Data Protection Regulations (GDPR) come into force.

Many Australian organisations may be thanking their lucky stars that it’s not rolling out here – but given the global nature of our digital world – they need to think again.

GDPR will mean significant change for many Australian companies who have a footprint of any sort in Europe (and yes the United Kingdom is also subject to GDPR until it formally exits the EU in 2019).

You will be subject to GDPR regulations if your business falls under any of the following categories:

• An Australian digital media or advertising business with an office in the EU;
• An Australian digital media or advertising business whose website targets EU companies – for example by enabling them to order products in a European language (other than English) and facilitates payments in Euros;
• An Australian digital media or advertising business whose websites references customers or users in the EU; or
• An Australian digital media or advertising business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.

Even if you don’t fall into the category affected by legally mandated change, the sheer market size of the EU is likely to force “change in practice” within any international company with a global footprint in Europe. By default this is likely to set the precedent for future data protection requirements around the world.

Indeed, the Office of Australian Information Commissioner now provides official Australian guidance on their website about how companies here can prepare for the new EU regulations. This demonstrates just how connected all digital business are to any global movement in privacy regulation.

We would strongly recommend that if you haven’t already done so, you need to ascertain if these changes will affect your organisation.

If the answer is most likely yes. Start planning for the procedural, legal and operational changes necessary to ensure you stay on the right side of the new laws.  

To help you navigate what the changes will mean from an operational perspective we have set out a side by side table of GDPR requirements that are already familiar concepts in Australia versus GDPR requirements that are new. This isn’t an exhaustive list but it does cover the ‘headline’ changes.

What to look out for

(Click to enlarge)

If you believe you may be affected by GDPR then a good place to start is to visit this resource on the Office of Australian Information Commissioner (OAIC) website.

But do it quickly, as ignoring this step change in privacy regulations would be at your peril.

And keep a keen eye out for the final report from the Australian Government on the data availability and use public inquiry, which is due out in late December.

It could well contain some significant findings about how to preserve individual privacy and control over data use that will impact our industry.

Kamani Krishnan is director of regulatory affairs at IAB Australia. Members can contact her for guidance via Kamani@iabaustralia.com.au.

Related Content

Opinion Facebook's absence, the EU's impact and avoiding self affirmation: NYC's Programmatic IO

News Press council rules car crash victim had reasonable expectation to privacy