EU General Data Protection Regulation - GDPR

The GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

The reforms are designed to reflect the world we're living in now, and bring laws and obligations - including those around personal data, privacy and consent - across Europe up to speed for the internet-connected age.

The new General Data Protection Regulation (GDPR) rules that took effect on 25th May 2018 have implications for Australian businesses that have an establishment in the EU or offer goods and services or monitor the behaviour of individuals in the EU.

Australian businesses that may be covered by the GDPR include:

  • an Australian business with an office in the EU
  • an Australian business whose website targets EU customers, for example by enabling them to order goods or services in a European language (other than English) or enabling payment in euros
  • an Australian business whose website mentions customers or users in the EU
  • an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.

Details at www.oaic.gov.au

According to the GDPR, websites need to protect site visitors’ privacy.

In simple terms this means website owners need to:

  • Get consent to collect and store data
  • Explain how collected data will be stored and used
  • Be able to delete all data collected from site visitors, upon request

How to Comply:

A Standard Privacy Policy to Boost Site Transparency

The GDPR requires all websites to inform users about the type of data the site collects and what this data is used for.

Customized Cookie Notification

A cookie notification lets visitors know your site collects information in the form of cookies.

Use an SSL Certificate

This ensures the connection to your website is encrypted, so data your visitors submit cannot be read by anyone intercepting it in transit.

Consent Fields on Contact Forms

According to the GDPR, website owners must get consent from site visitors before collecting data. To comply with this requirement, you can add an opt-in consent field in every contact form on your site.

Personal Data Deletion

GDPR requires that if a site visitor requests to have their personal data deleted, the website owner must do so without delay.
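As an added example that is not from the original page, the following JavaScript sketches how a site's form handler can enforce the opt-in consent field described above and then honour a deletion request. The in-memory Map standing in for a database, the form field names and the policyVersion parameter are all assumptions.

```javascript
// Added example: opt-in consent enforcement and data deletion for a contact form.
// A Map stands in for the site's database (assumption); keyed by visitor e-mail.
const records = new Map(); // email -> { data, consent }

// An HTML checkbox sends "on" only when the visitor ticks it; JSON clients may
// send true. Anything else (missing, "", false) is treated as no consent, so a
// form that does not pre-tick the box cannot store data by default.
function consentGiven(value) {
  return value === "on" || value === true;
}

// Accept a submission only with explicit consent, and store *why* the data is
// held (when consent was given, which policy text was shown, for what purpose).
function submitContactForm(form, policyVersion) {
  if (!consentGiven(form.consent)) {
    return { ok: false, error: "Consent is required before data is stored" };
  }
  records.set(form.email, {
    data: { name: form.name, email: form.email, message: form.message },
    consent: {
      givenAt: new Date().toISOString(), // timestamp of the opt-in
      policyVersion,                      // privacy policy version displayed
      purpose: "respond to enquiry",      // stated use of the data
    },
  });
  return { ok: true };
}

// Look up the consent record held for a visitor (undefined if none).
function getConsent(email) {
  const record = records.get(email);
  return record ? record.consent : undefined;
}

// Honour a deletion request: remove everything held for this visitor and
// report whether anything was actually deleted.
function deletePersonalData(email) {
  return { deleted: records.delete(email) };
}

function hasRecord(email) {
  return records.has(email);
}
```

In a real deployment the same deletion must also reach backups, mail logs and any third-party processors the data was passed to.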

To be absolutely sure your website and data collecting mechanisms are compliant, we recommend seeking legal advice. If you require assistance with implementation or sourcing, please feel free to contact us on 9583 3358.