The General Data Protection Regulation (GDPR) is here and it has wide-reaching implications, even for those of us in Australia. You've probably noticed dozens of emails from sites and services you subscribe to updating their privacy policies lately. This is largely to do with GDPR and the changing landscape of data privacy. We've broken it down so you can get what you need to know.
What is GDPR?
GDPR is data protection legislation created by the European Union that came into effect on 25 May 2018 to give people more control over their personal data. It is designed to strengthen privacy and consent with respect to personal data, to require that data is kept safe and secure, and to mandate transparency in how personal data is collected and used by the organisations that process it.
The EU’s new GDPR legislation has been in the works since 2012. Whilst it was publicised heavily off the back of the Facebook & Cambridge Analytica fiasco, it has also been a result of the many high profile hacks and data breaches that have occurred online over the last decade. The EU is attempting to give users more information about what their data is being used for, who is using it, and how it is being kept safe. So what are the key points to know?
Key points of the legislation:
- Users have a right to know what their personal data is being used for
- Users have the right to access the personal data being stored about them and have it corrected for accuracy
- Users have a right to object to having their personal data processed or shared for other purposes
- Users have the right to receive a copy of any personal data stored about them, in a portable format
- Users have the right to have their stored personal data erased if they wish
- Organisations must have a lawful basis (for example the user's consent, or a contract with the user) before using or processing any personal data they store
- Organisations must obtain parental consent to process the data of users under the age of 16 when offering online services (individual EU member states may lower this threshold to 13)
- Organisations are required to protect and secure user data based on strict privacy and security requirements
- Organisations are required to notify the relevant data protection authority of a personal data breach within 72 hours of becoming aware of it, and to notify the affected users without undue delay where the breach is likely to put them at high risk
How does GDPR affect my Australian website?
GDPR aims to protect individuals in the EU and their data. It also applies to organisations outside the EU if they offer goods or services to people in the EU, or monitor their behaviour (for example through analytics or advertising tracking), regardless of where the data is processed. Given the global nature of websites, chances are you have European traffic visiting your site, so there is a real chance you are collecting EU users' personal data, especially if your site captures personal information such as names, email addresses or accounts. If you're not sure, check your Google Analytics traffic sources and look for EU traffic. EU visitors alone do not automatically bring you within scope, but if you accept their sign-ups, orders or enquiries, or track them, you should assume GDPR applies. In addition, we can very likely expect US and Asian governments to follow a similar path with privacy legislation in the near future, so it's certainly worth preparing your site to be compliant in the short term.
What can I do to make my website GDPR compliant?
The Office of the Australian Information Commissioner (OAIC) has prepared a detailed resource to help you understand the new EU GDPR laws. The OAIC also explains how businesses can make sure they comply with both Australian and EU privacy laws. Once you understand what is required of you and your business, the 12-step guide from the Information Commissioner's Office (UK) is straightforward and helpful.
In some cases, you’ll need to update your website processes and notifications so that you are compliant – get in touch with your website developers and make sure they know how to plan for GDPR and data security compliance to ensure your business is protected.