You may have noticed a flurry of activity in the last few months from many Australian and global service providers taking a close look at their operations and updating their privacy policies.
Why? The GDPR, of course. These four letters represent the future of global data protection and privacy laws. Privacy is a BIG deal, and we’re going to explore what is changing and how it will affect you, to make sure you’re covered!
What is the GDPR? GDPR stands for the General Data Protection Regulation, the European Union’s privacy law. This new regulation gives people in the EU rights over how, why and where their personal data is used – and, for the first time, the right to be forgotten!
Who does it apply to? The GDPR applies to any individual or agency that processes or controls information about data subjects within the EU – processing includes collecting, recording, storing, disseminating or any other use of that information.
Where will it apply? One of the key features of the GDPR is its scope: it can affect you no matter where in the world you are situated, so long as you are dealing with the personal data of people in Europe.
When will it affect me? Now! The GDPR laws were passed in 2016 and came into effect in May 2018.
How did it come about? Data protection has a long history in Europe, dating back to the extensive abuse of personal data during World War 2 to persecute people by race, religion, sexual orientation and more. West Germany declared governance over one’s own personal data a human right in 1983, and 35 years later the EU has implemented the most extensive data regulation in the world.
Why is it so important? The GDPR aims to protect its citizens’ data privacy and empower them to choose how their data is used and by whom, including the choice to withdraw consent. Perhaps the most important consideration is access to personal and sensitive information that could potentially be used to harm or discriminate against an EU citizen.
Implications?
So you may be wondering: if the GDPR only covers European citizens and activity within Europe, how does it affect me?
Well, these laws will have an impact on all businesses that serve a European market or monitor the behaviour of people within the EU. If you’re still unsure whether this is you, it’s time for a quick fact check:
Do you offer international shipping?
Do you offer currency conversion or prices in Euros?
Do you have European language options on your website or language translations?
Do you record contact information on a database to use for your marketing?
Do you clearly state that you service the European market?
– And what about monitoring behaviours? –
Do you use Facebook Pixels to track data on your international audiences? What about Google Analytics and website cookies?
If you answered yes to any of the above, then the GDPR affects you!
What happens if I misuse the data?
Depending on the scale and intent of the data breach, you could be looking at a whopping 4% of annual global turnover – for Google, that would be $4.4 Billion USD.
Okay, how about a case study to wrap my head around GDPR laws?
Let’s imagine Claire operates a winery in the Barossa Valley and markets her wines to an international audience, including Europe. She accepts payment through PayPal with currency conversion into GBP, Euros and USD. Claire is considering opening a Bed & Breakfast on her property and wants to do some market research among her European customers to see whether they would be interested in visiting the new B&B accommodation.
Would Claire be breaching GDPR privacy laws if she used her cellar door email database to conduct her market research?
Yes.
Claire would need to gain consent specific to the purpose of her market research, rather than relying on the consent she obtained for marketing her wines. The same applies to any personal data (names, emails, pictures, videos) or sensitive information (race, sexual orientation, health, etc.) that she has collected from any other source.
How do I comply with the GDPR and avoid millions of Euros in fines?!
Easy! If you are marketing to an international audience, or storing or using personal data from the EU (including through web hosting, cloud services, marketing or advertising), follow this handy checklist to ensure your business stays compliant and out of trouble.
- Conduct an audit on what information you are collecting, where it comes from, who it is sent to and where it is stored
- Confirm whether you are specifically or intentionally marketing to, or monitoring information about activities in the EU
- Review your privacy policy and data collection methods – have you got consent to use the data for that purpose?
- Ask us for help if you need it!
Some content in this article is based on a presentation given by Paul Gordon from Wallmans Lawyers. Paul’s details can be found at www.wallmans.com.au