What will the new EU Privacy Laws mean for your business?


As of 25 May 2018, the European Union General Data Protection Regulation (GDPR) will implement a new extra-territorial data protection regime, which will impact Australian entities that handle personal data of EU residents.

Thankfully some of the provisions of the GDPR mirror those of the Australian Privacy Act 1988, which Australian entities are hopefully already familiar with. However, there are numerous substantive differences and unique requirements that go beyond the Australian position.

It is therefore important for organisations with operations in the EU to determine whether or not the GDPR applies to them and to ensure their personal data handling practices are brought into compliance before next year’s deadline.

Does my business need to comply with the new EU regulations?

You will need to comply with the GDPR requirements if your business or organisation:

1. has an ‘establishment’ within the EU (an effective and real exercise of activity through stable arrangements), whether or not personal information is actually processed in the EU;
2. is outside the EU but conducts data processing or controlling activities and offers goods or services to individuals within the European Union, whether or not payment is required; or
3. is outside the EU but conducts data processing or controlling activities and monitors behaviours of individuals within the European Union, whether or not such behaviour occurs in the EU.

This will most likely encompass Australian entities that have EU clients, have local operations in the EU or otherwise hold personal information on EU residents.

What key changes will the GDPR implement?

• Data controllers will have weightier accountability and governance obligations.
• Personal data may only be processed with an individual’s consent which must be freely given, specific, informed and unambiguous.
• If a data breach occurs, relevant authorities and the individuals concerned must be notified without delay (if possible within 72 hours).
• Rights of individuals will be broadened to include the right of erasure, the right to data portability and the right to object to the processing of personal data.
• Entities who outsource their data processing to a third party will be required to document their relationship with the third party in a contract containing certain specific clauses.
• Transfer of personal data to countries outside the EU will be limited to those which the EU Commission approves as adequately safe.

What should I do next about GDPR?

Substantial sanctions apply for breaches of the regulations. Organisations with operations or clients in the EU should therefore analyse the extent to which they hold personal data of EU residents, determine whether they fall within the definition of ‘data controller’ or ‘data processor’ under the GDPR, and determine the scope of their responsibilities under the GDPR. They should also seek professional advice on how to bring their data protection policies and practices into accord with both the Australian and EU requirements.

You may like to complete our FREE GDPR Readiness Questionnaire so that we can help you assess where you stand with GDPR and the work required. Our initial assessment and response are free of charge.

Check out our other articles on the topic of the Data Protection Officer (DPO) here.

Compliance Quarter are providing a range of innovative services to help our clients navigate GDPR – to enquire directly please click here.
