Many already have enough on their plate trying to tackle the country’s own mandatory data breach notification regime, which comes into effect in February.
Australian firms are lagging behind in their efforts to prepare for the European Union’s (EU) General Data Protection Regulation (GDPR), which is due to come into force in May 2018.
The new rules will affect all companies that do business with Europe and hold personal data about EU residents for purposes such as profiling and big data analysis. Companies that fail to comply risk fines of up to €20 million (US$24.1 million) or 4% of global turnover, whichever is higher.
The GDPR also applies to companies that trade with the UK as the country is still a part of the EU for now. It is expected to draw up similar legislation when it leaves the trade bloc.
GDPR basics: What organisations need to do
- Gain consent from individuals for the use of their data;
- Make it clear how the data will be used;
- Allow people to have their data deleted if they desire;
- Gain parental permission for processing data on children under 13 in the UK, and under 16 in the case of other EU citizens;
- Appoint a data protection officer to monitor the company's data processing activities;
- Report any data breaches to the authorities within 72 hours.
But experts warn that many Australian organisations are lagging behind in compliance terms, partly because they are focused on bringing their operations into line with the country’s own mandatory data breach notification regime, which is due to come into effect in February.
Lisa Vanderwal, special counsel in the Sydney office of international law firm Bird & Bird, said Australian businesses were only just getting an idea of what was involved. But due to various ‘grey areas’, she recommended that organisations seek legal advice about their exposure and take steps to ensure their privacy policy and data retention strategies are in order.
Source: Computer Weekly