GDPR for Australian Businesses
IT and Startup Lawyers provide technology, commercial and corporate law services to startups and small to medium size enterprises. Our Privacy Lawyer can assist with the GDPR for Australian businesses by advising on privacy compliance and drafting Privacy Policies which are compliant with both the Australian Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (GDPR).
What are the implications of the GDPR for Australian Businesses?
Consider the consequences of compliance failure. Fines exceeded €126 million by 2020.
When the GDPR came into force across the European Union (EU) in May 2018, its stringent requirements caused a flurry of confusion and concern, because they seemingly impacted businesses not only in the EU but across the globe.
This concern is not without merit. Non-compliance with the regulation can result in heavy fines of up to 4 percent of global annual turnover or €20 million, whichever is higher. Since its introduction, national supervisory authorities have fined Google €50 million, an internet service provider €9.6 million, Cathay Pacific €560,000 and many more companies, totalling more than €126 million.
The question weighing on the minds of Australian businesses is: does the GDPR apply to us?
Do Australian businesses need to be GDPR compliant?
Understand your compliance obligations
Determining whether a business falls within the purview of the GDPR is not a black and white question. The GDPR provides scope for businesses not physically located within the EU to fall within its jurisdiction.
Article 3 of the GDPR sets out its territorial scope, that is, where it applies. Article 3(2), which covers businesses outside the EU, states:
This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
So, what compliance obligations are there relating to the GDPR for Australian Businesses?
Firstly, if you are an Australian business offering goods or services, whether paid or free, to individuals who are in the EU, you fall within the GDPR. Note that the test is whether the data subjects are in the EU, not their citizenship or residency. Note also that merely having a website that can be reached from the EU is not enough (Recital 23): factors such as offering an EU language or currency, or delivering to EU member states, indicate that you are targeting individuals in the EU. The grey area is the second limb of the article, which relates to monitoring the behaviour of individuals while they are in the EU; this can include tracking visitors online, for example through cookies or analytics, for profiling purposes (Recital 24). This is where a Privacy Lawyer with experience in this area can help you understand your risks and obligations.
So how can Australian businesses be GDPR compliant?
Need assistance with privacy compliance?
A fundamental concept of the GDPR is "data protection by design and by default" (Article 25). This means that businesses are required to implement appropriate technical and organisational measures, such as data minimisation and pseudonymisation, and to have clear processes and procedures to protect personal data, rather than treating privacy as an afterthought. Furthermore, Articles 12, 13 and 14 of the GDPR require businesses to communicate certain privacy-related information to individuals in a concise, transparent and easily accessible form.
There is some crossover between Australian and EU privacy law, but there are also differences.
Fortunately for Australian businesses, GDPR Privacy Policies and Australian Privacy Policies are generally similar. However, there are some notable differences. The Privacy Act exempts most small businesses with an annual turnover of $3 million or less, whereas the GDPR applies to a business of any size that falls within the jurisdiction discussed above. Additionally, the GDPR gives individuals an express right to erasure of their personal data (Article 17), subject to the conditions set out in that article, which the Privacy Act does not provide.