GDPR (the EU General Data Protection Regulation)


The new data protection requirements of the EU General Data Protection Regulation (GDPR) apply from 25 May 2018. An information bulletin from the Office of the Australian Information Commissioner (OAIC) explains how this might affect Australian businesses.

“The European Union General Data Protection Regulation (the GDPR) contains new data protection
requirements that will apply from 25 May 2018. These will harmonise data protection laws across the EU and
replace existing national data protection rules. The introduction of clear, uniform data protection laws is
intended to build legal certainty for businesses and enhance consumer trust in online services.

Some Australian businesses covered by the Australian Privacy Act 1988 (Cth) (the Privacy Act) (known as APP
entities), may need to comply with the GDPR if they:

    • have an establishment in the EU (regardless of whether they process personal data in the EU), or
    • do not have an establishment in the EU, but offer goods and services or monitor the behaviour of
      individuals in the EU.
      [A processing activity ‘monitors the behaviour’ of individuals where individuals are tracked on the internet. This includes profiling an individual to make decisions about that person or to analyse or predict that person’s personal preferences, behaviours and attitudes (Recital 24, GDPR).]

These privacy laws include some similar requirements. Both laws foster transparent information handling
practices and business accountability, to give individuals confidence that their privacy is being protected. Both
laws require businesses to implement measures that ensure compliance with a set of privacy principles, and
both take a privacy by design approach to compliance. Data breach notification is required in certain
circumstances under the GDPR and under the Privacy Act (from February 2018). In addition, privacy impact
assessments, mandated in certain circumstances under the GDPR, are expected in similar circumstances in
Australia. Both laws are technology neutral, which will preserve their relevance and applicability in a context
of continually changing and emerging technologies.”

You can get the full OAIC bulletin here.
