Worried about the GDPR? Here’s (almost) everything you need to know
With fines of up to €20m or four percent of global turnover, breaching the new GDPR guidelines could cause your business to topple over. As the regulations come into view, Alpha Digital’s Sam Wood provides a comprehensive guide for Australian retailers and marketers.
On May 25 2018, the new privacy regulations the General Data Protection Regulations (GDPR) will come into force in the European Union. Whilst it’s immediately obvious that this will have a massive impact within the EU, Australian businesses are also being put on high alert.
The GDPR aims to give control of personal data back to the individual (the Data Subject). It does this by enacting strict regulations around the collection, retention, and use of the data on the part of the companies collecting the data, and on the companies processing the data.
Another case study for your comment Sam, if you have a moment:
Digital brand X has email addresses of customers, but doesn’t know which of them are EU residents.
Can they upload them into Facebook (or other platform) to create an audience?
(I think: NO, not without express and informed consent)
Hmmm good question. My guess is that, at it’s most simple, ignorance is not a defence so I’d lean towards ‘no’ as well. Just because you didn’t know they were in the EU doesn’t mean you’re exempt from the GDPR.
A good suggestion I heard the other day was putting the onus back on the user by making clear in all privacy policies, EDMs etc that ‘we do not sell to the EU, please contact us to have your data removed if you reside in the EU’. Also ensuring the fact you don’t ship/sell to the EU is clear on the website (assuming that’s the case).
I’m no expert, but that’s my opinion!
Apparently, silence or inactivity are not consent. See https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation
Hi Sam, Thanks for this info. I have only become aware of these regulations today, so am still a bit confused!
I am a sole trader in Australia with customers all over the world. I provide an online service, where I list dance costumes for sale on behalf of their owners. I do no email marketing and only collect customer email addresses to include with their costume ad so that buyers can contact them directly.
Customers submit their costume for sale by way of an online form. If I add a check box to my form for EU residents to consent to the use of their email address for the sole purpose of selling their costume, with a link to clarify that I do not store their info, on-sell it or use it for any other purpose, would this be enough?
Thanks for any advice you might have,
Lisa.