On May 25, 2018, the European Union General Data Protection Regulation (the GDPR) will implement new data privacy protection clauses that will affect all kinds of businesses. Australian businesses need to be well protected and well informed about the new system, since it will affect almost every single business owner in the world.
With that in mind, it is important first to determine what data privacy is and why it matters.
To start, it has always been a known business practice that businesses share information with each other. Whether we admit it or not, there is nothing in this world that makes more sense than knowing who your clients are and their consumption behaviour.
However, recent developments in law and legislation have made sure that data sharing is no longer possible among business owners.
For the longest time, the Australian Privacy Act 1988 has protected business and client information from turning from private knowledge into public information.
At the outset, the two laws share about three main characteristics:
First, both aim to implement privacy by design to ensure compliance. This means that there is an expectation that data privacy will be the primary focus of any business, especially those dealing with banking.
Second, the laws require that businesses should be able to display conformity with privacy philosophy and obligations. This means that there must be a specific key indicator of how businesses comply with data privacy. These key indicators are easier listed than followed, however.
Finally, businesses should adopt processes that are transparent in handling information. How does a business handle client information? Is the system encrypted? Does the government know how such data is collected and stored? The answers to those questions are necessary in order for the regulators to have a clearer picture of how data privacy is managed.
With that, what is personal data and why is it important to protect it?
According to the GDPR definition, personal data refers to ‘any information relating to an identified or identifiable natural person’. This is found in Article 4 of the legislation.
On the other hand, Australian privacy law defines personal information as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable’.
With only the Australian Privacy Act, it is easy to comply with the protection requirements. However, the GDPR sets out a lot of rules to follow that would affect Australian businesses.
As to accountability:
The GDPR provides for a stronger framework in ensuring that businesses are accountable. Not only should businesses be able to prove that they have actually tried to comply with the requirements, but they must also show that they will be able to integrally protect whatever data they get from the market.
What this means for an Australian business: The business must be able to show compliance and be transparent in the way that it handles data. While it may seem easy, it is a bureaucratic nightmare, especially where budget is concerned.
As to consent:
The GDPR requires that consent must be given on all fours with the following characteristics:
- It must be freely given;
- It must be specific;
- The person giving the information must be fully informed of the consequences; and
- There must be ‘an unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing’.

This is according to Article 4 of the GDPR.
What this means for an Australian business: The business, before trying to acquire data, should fully and completely require its clients to disclose information and allow processing of information.
As to breach of data:
The GDPR provides for mandatory data breach notification, which means that whenever a problem arises out of the data processing, such as, but not limited to, data hacking or sharing without proper consent, the client involved must be informed.
What this means for an Australian business: Liability is tighter and transparency has never been any better. With the passage of the law, everyone is required to make sure that the information shared will not be hacked and, if it is hacked, they must inform the clients as soon as possible.
While the new law imposes some additional requirements on Australian businesses, it provides better protection and an enhanced hand in ensuring that data will not be breached and that Australian citizens can trust businesses in handling their information.