The EU's General Data Protection Regulation (GDPR) took effect on 25 May 2018 and applies in Australia from that date. Since then it has overshadowed the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988, which came into force in virtually the same year. The GDPR also applies to a number of Australian businesses, including some that may not have had to comply with the NDB scheme.
The Office of the Australian Information Commissioner (OAIC) has published guidance for Australian businesses on the GDPR's requirements and recommends that organisations and businesses review whether the GDPR applies to them. If it does, they must take the necessary steps to implement the expected changes and ensure they are compliant.
The GDPR has a broad scope, and this captures a large number of Australian businesses that have some level of connection with the European Union (EU). Notably, whether the GDPR applies to a business does not depend on the amount of revenue it generates. This may catch several Australian businesses off guard, especially those with annual turnover of 3 million AUD or less that have determined they are not subject to the NDB scheme. See also the GDPR handbook for more information.
The GDPR has a massive extraterritorial reach. It applies to data processors and controllers located in the EU, to organisations that offer goods or services to consumers in the EU, and to businesses that monitor the behaviour of people living in the EU.
Australian businesses need to consider whether they meet the criteria above, particularly the latter two, which can easily be met by an Australian business with no physical presence in the EU. The GDPR imposes serious obligations on any business it applies to; these are either similar to or stricter and more onerous than those set out in the Privacy Act. They include implementing a privacy-by-design approach, demonstrating appropriate technical and organisational measures to meet the privacy principles and other obligations set by the GDPR, adopting transparency of information, and meeting the 3-day breach notification requirement.
In addition, GDPR compliance in Australia grants rights to individuals that the Privacy Act does not, including the right to request deletion of their data in certain situations. Sanctions may be imposed under the GDPR for non-compliance, and this is not something to be taken lightly.
For additional information, visit https://www.huffingtonpost.com/entry/dont-give-new-data-laws-the-brush-off-the-gdpr-still_us_5a0c52f7e4b06d8966cf33eb