What is GDPR?
The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018. These will harmonise data protection laws across the EU and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services.
Some Australian businesses covered by the Australian Privacy Act 1988 (Cth) (the Privacy Act) (known as APP entities), may need to comply with the GDPR if they:
- Have an establishment in the EU (regardless of whether they process personal data in the EU), or
- Do not have an establishment in the EU, but offer goods and services or monitor the behaviour of individuals in the EU
Who does the GDPR apply to?
The GDPR applies to the data processing activities of businesses, regardless of size, that are data processors or controllers with an establishment in the EU. Generally speaking, a controller says how and why personal data is processed and a processor acts on behalf of the controller. Where a business has ‘an establishment’ in the EU, activities of the business that involve processing personal data will need to comply with the GDPR, regardless of whether the data is actually processed in the EU.
The GDPR also applies to the data processing activities of processors and controllers outside the EU, regardless of size, where the processing activities are related to:
- Offering goods or services to individuals in the EU (irrespective of whether a payment is required)
- Monitoring the behaviour of individuals in the EU, where that behaviour takes place in the EU
How can Vectra help?
Vectra has the resources to help you achieve GDPR compliance. We can assist you by conducting the following;
- GDPR preliminary gap assessment
- Assist with implementing appropriate technical and organisational measures, including data protection policies, to ensure and be able to demonstrate that processing complies with the GDPR
- Ongoing monitoring and assurance
More information for Australian Businesses
The following resources may assist Australian businesses to assess whether they are covered by the GDPR and the steps to be taken to comply:
- European Commission, 2018 Reform of EU Data Protection Rules
- European Data Protection Board (prior to 25 May 2018, the Article 29 Working Party) GDPR guidance
- Asia Pacific Privacy Authorities EU General Data Protection – General Information Document
- UK Information Commissioner’s Office Guide to the GDPR