What is GDPR and what does it mean to my Australian business?
April 19, 2023
Author name
What is the GDPR?
In April 2016 the European Parliament adopted the General Data Protection Regulation (GDPR), which regulates how businesses must handle, secure and share the data of EU residents. The GDPR applies from 25 May 2018, and has important implications for organisations inside and outside of the EU, including Australia.
Who is affected?
The GDPR applies to:
- EU-based businesses; and
- Businesses outside of the EU which:
- offer goods or services to individuals in the EU;
- have an office in the EU; or
- monitor the behavior of individuals in the EU (including profiling of individuals through online data).
Am I affected?
Examples of transactions (of a Western Australian business) that may come under the GDPR include:
- Taking an online booking for accommodation in WA from a tourist travelling from Paris;
- Obtaining credit card information, from an Australian travelling through Germany, to change their flight home; or
- Using information from companies profiling potential customers in Spain through their online preferences.
What is personal data?
The definition of personal data for the purposes of the GDPR is wide and includes any information relating to an identified or identifiable natural person. Such a person is referred to as a ‘data subject’. This information can include basic information, such as a name or address, to information about the person’s health, ethnicity, or credit card transactions.
What do I need to do? – Questions to ask yourself about your business
1. How does my business handle personal data?
The first step is to carry out an audit on your current processes and procedures. Knowledge is power. Without knowledge of how your business collects, uses, transfers, stores and removes personal data, it will be impossible to be sure your business is are meeting its obligations.
2. Does my business have a lawful basis for handling personal data?
Under the GDPR, your business must have a lawful basis for processing personal data. There are 6 lawful bases identified: consent, contract, legal obligation, vital interests, public task (processing data in the public interest) and necessity (where processing is necessary for the legitimate interests of your business). You should be able to identify under which category your business is processing an individual’s data.
3. Is my Privacy Policy (and Privacy Collection Notification Statement) relevant to my business and does it comply with the GDPR?
Having a template privacy policy and statement is not enough. A prime focus of the GDPR is transparency and accountability. A well thought out privacy policy and statement will tell your clients and customers the steps your business is taking to protect their data and comply with privacy laws.
4. Do my third party suppliers comply with the GDPR?
You may still be liable for a data breach that did not occur on your watch, if the breach occurred with data shared with a third party. Your business should take active steps to ensure that relevant third party suppliers also comply with data protections laws, including the GDPR.
5. Has my business taken appropriate steps to secure the personal data it is processing?
The protection of personal data has never been more important. Significant penalties apply under the GDPR (and local privacy laws), and there are stringent requirements for notification and reporting on breaches. Taking measures to ensure adequate protection, can include: deciding when to process personal data, deciding when to destroy it, and ways to avoid the misuse or interference with personal data. As well as ensuring your compliance with the GDPR, such measures will give your customers and clients peace of mind in choosing to entrust you with their data.
Large scale & sensitive data dealings
If you are collecting or processing data of EU individuals on a large scale, or are processing sensitive data, further obligations may apply, including the appointment of a data representative in the EU.
If you would like more information on this issue, please contact Bailiwick Legal at (08) 9321 5451.
The above information is a summary and overview of the matters discussed. This publication does not constitute legal advice and you should seek legal or other professional advice before acting or relying on any of the content.
Our June 2024 newsletter is now available. Have a read to find out what we have been up to in the first half of the year!
The International Sustainability and Carbon Certification (ISCC) System has come to the attention of many Western Australian farmers recently, as the scheme has changed one of its policies regarding aerial spraying. What is the ISCC? The ISCC is one of the world’s largest voluntary sustainability certification schemes enabling participants to demonstrate they are producing materials in a sustainable way that meets or exceeds community expectations. In Australia it is widely used in the canola industry, enabling Australian canola growers to access the European biofuel market. CBH Marketing and Trading holds certification for the ISCC EU and ISCC PLUS programs, that cover canola, barley, oats, wheat and lupin, allowing WA growers to participate in both programs. Participating in the ISCC program can result in a premium on grain, however participants are subject to more stringent measures to satisfy sustainability accreditation requirements. Recent decision on aerial spraying ISCC Principle 2.6.2 prevents aerial spraying from taking place within 500 metres of a body of water. CBH has successfully lobbied for an exemption to this Principle, for farm dams and salt lakes of low ecological value. As part of its lobbying, CBH provided expert reports to the ISCC on the hydrology and ecology of WA farm systems. For farmers who are signed up to the ISCC program, this removes an obstacle during the season for weed management. The Principle does still require a 500 metre buffer for other bodies of water, including freshwater lakes, rivers, ponds or creeks. However, for those who farm yabbies and marron, this change may not be welcome. Marron and yabby farmers have noticed impacts on their populations where aerial spraying has taken place close to their properties, and aerial spraying can unintentionally damage natural vegetation, including young and old growth trees. For growers, it’s always prudent to follow best practice guidelines for aerial spraying to avoid spray drift – including monitoring weather conditions and the effect of water added to the chemical. For some farmers, this decision may prompt an examination of whether signing up to the ISCC program might be best for their business. In this circumstance, it is important to weigh up the potential benefits of the program compared to the sustainability accreditation requirements. For others, this decision is a timely reminder to stay up to date with best practice guidelines when it comes to spraying, particularly during the seeding season. For assistance with all of your agribusiness needs, contact Bailiwick Legal on 08 9321 5451 or email office@bailiwicklegal.com.au By Ciara Nalty (Solicitor) For further information about our legal services, please visit our website: https://www.bailiwicklegal.com.au The above information is a summary and overview of the matters discussed. This publication does not constitute legal advice and you should seek legal or other professional advice before acting or relying on any of the content.
How does the Annual Wage Review affect workers and small business owners? Each year, the Fair Work Commission reviews the National Minimum Wage and the minimum wages set out in awards. Cost of living and inflation are front of mind for both employers and employees, and this year’s Annual Wage Review is likely to see an increase in the minimum wage and award rates. The Annual Wage Review is conducted by an Expert Panel, which takes submissions from interested groups, including the Federal Government, unions, and business lobby groups. The Federal Government’s submission to the Wage Review this year called for an increase to the minimum wage, though not specifying an amount. The Australian Chamber of Commerce and Industry has advocated for an increase of 2 per cent, at most. The announcement will likely take place in early June and any increase to the national minimum wage will take effect in the first full pay period on or after 1 July 2024. Failure to pay employees at least the minimum rate that is set out in an applicable award can result in penalties, including requirements for back pay and fines. The Fair Work Ombudsman uses its enforcement powers to issue compliance notices to employers, and recovered $14.8 million in unpaid wages in 2022-23. Small and medium businesses are subject to the same scrutiny as large businesses. For business owners, this is a timely reminder to review employment agreements and payments to staff. You should be conscious of which awards cover your staff members, as award rates for each level increase commensurate with the national minimum wage increase. It is also important to be aware of employee entitlements and set-offs, to ensure you are paying employees what they’re entitled to and avoiding future claims. If you are not sure what award your employee is covered by, have a question about employment conditions or require any other assistance with employment and workplace matters contact Bailiwick Legal on 08 9321 5451 or email office@bailiwicklegal.com.au . By Ciara Nalty (Solicitor) For further information about our legal services, please visit our website: https://www.bailiwicklegal.com.au The above information is a summary and overview of the matters discussed. This publication does not constitute legal advice and you should seek legal or other professional advice before acting or relying on any of the content.
Working with you, working for you
