We are writing to you to advise you of recent amendments to privacy laws in the EU which we consider may affect the way your business handles data and information within Australia.
What are the changes?
On 25 May 2018, the new EU General Data Protection Regulation (GDPR) came into effect. As a result of these changes, companies located all around the world have new obligations regarding the collection, storage and processing of personal data related to EU citizens. At the heart of the changes are new requirements for:
- privacy policies to use clear and easy-to-understand language to describe the ways in which data about customers is collected, used and stored;
- privacy policies to enable customers to control the information provided to companies;
- privacy policies to enable customers to access information held by companies about them;
- companies to appoint a Data Protection Officer where the company’s core activities involve regular and systematic monitoring of data subjects on a large scale; and
- companies to allow data erasure (the right of the data subject to be “forgotten”).
What businesses are affected by the changes?
Companies incorporated in Australia and elsewhere around the world are affected to the extent they supply goods or services to persons or entities within the EU.
What are the consequences of non-compliance with the changes?
Companies in breach of the GDPR can be fined up to 4% of annual global turnover or 20 million Euros (whichever is greater) – although these are the most serious penalties imposed. Fines can also be imposed for failing to have records in order, failing to notify authorities of a data breach, and other breaches of the GDPR.
How can we help?
Consistent with our transparent approach to legal practice, we offer fixed fee rates for undertaking the steps above.
If you consider your business is affected and you would like us to undertake the above for you, please contact Aaron McDonald on firstname.lastname@example.org or 6188 3340.