Data is Big; it also carries new laws for all businesses trading with the EU.
Data is undeniably the #buzzword of the moment, and likely to remain that way.
The laws around data, data protection, data access and data destruction are emerging. But the train has left the station. It is no longer a matter or watching the space; it is a matter of doing. And doing so pronto.
In less than a month, the European Union General Data Protection Regulation (GDPR) will be implemented.
But what would an EU law mean for Antipodeans? Or for that matter, people outside of the EU? Potentially a lot. The new laws have extra territorial effects. Every Australian business with an establishment in the EU, or that offer goods and services in the EU, or that monitor the behaviour of individuals in the EU, may need to comply with the GDPR.
Given both the rise of online business resulting in global business transaction and the enormous scale of stored personal data, the implications are significant and far reaching.
We are not unfamiliar with privacy laws in Australia. The GDPR and the Privacy Act 1988(Cth) are similar. But there are notable differences about which we must be familiar. One, is an individual’s ‘right to be forgotten’, or le droit à l’oubli, currently without equivalent under Australian law. The right to be forgotten reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them. The European Court of Justice legally solidified the right to be forgotten as a human right when they ruled against Google in the Costeja case in 2014.
Australian businesses fast need to determine whether they are compliant with the GDPR, and if not, take immediate steps to ensure their data handling practices comply with the GDPR.
Checklist
As a preliminary checklist:
When does the GFPR Apply?
The GDPR applies to businesses that were:
- established in the EU;
- not established in the EU, but offer goods or services to EU based individuals, including by accepting the payment of Euros; or
- not established in the EU but monitor EU residents’ behaviour.
Examples for Australian Businesses impacted
- Australian businesses that deliver products to individuals in the EU; and
- Dealing with personal information of an individual in the EU (for example, an Australian citizen located in the EU obtaining legal or tax advice from an Australian lawyer/accountant).
Like to know more?
If you would like further advice on these new laws, and how they may impact you, please contact me. Thanks to Big Data, contact is pretty easy nowadays.