An experienced Gold Coast web design agency creating unique digital solutions since 2004.
You may have received information recently from Google or other providers regarding the European Union General Data Protection Regulation (the GDPR), which came into force on 25 May 2018.
So, what is the GDPR, and is it something that you as an Australian business should be concerned about? We have put together the following to help explain it and give simple answers.
The GDPR is the European Union regulation governing data protection, retention and privacy. It is designed to regulate and protect the personal data of individuals who reside in the EU throughout the whole lifecycle of that data: collection, retention, use, transfer/sharing and deletion.
The GDPR covers similar ground to the Australian Privacy Act and broader Australian privacy law. However, the GDPR is considered more wide-ranging and comprehensive, and it is reasonable to expect it to become the de facto standard for privacy legislation around the world.
In simple terms the central requirements of GDPR are:
For those who want more detail, read on.
The first question to ask yourself is: 'do you supply goods or services to individuals in the EU?' If you do, your business will be expected to comply.
The second question is: 'do you handle any personal information held by EU corporate customers or suppliers?' In other words, do any of your suppliers pass you information on EU residents, or process personal information on your behalf? If so, you should also comply.
While the GDPR is complex in its detail, the practical differences for most websites are:
Consent – all consent must be an affirmative, opt-in action: do not pre-tick 'Yes' or 'I Agree' checkboxes, because a pre-ticked box sends exactly the same value to the server whether or not the visitor did anything, so the server cannot tell a real agreement from a default. The server should also reject a submission in which the consent field is missing rather than assuming agreement. For an online store, a separate 'Agree to terms' checkbox at both sign-up and checkout is suggested.
SSL Security (Encryption) – any website that captures personal information in any way should serve every page over HTTPS (SSL/TLS), with plain-HTTP requests redirected to the HTTPS version. This is now the common expectation.
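The following is an added example, not code from the original article or from the agency, showing what the two points above look like on the server side: a consent checkbox that is always rendered unticked and whose value the server checks before recording the consent (who, what version of the terms, when, and from which form), and a request check that redirects plain HTTP to HTTPS and sets an HSTS header on HTTPS responses. The function names, the `agree_terms` field, the terms version string and the form/request shapes are assumptions made for illustration; the sample submissions are constructed.

```python
"""Added example (not from the original article): server-side enforcement of
opt-in consent and site-wide HTTPS. All names and data shapes are assumed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Mapping, Optional, Tuple

# Assumed identifier of the terms the visitor is agreeing to. Storing it with
# each consent lets you show later exactly which wording was accepted.
TERMS_VERSION = "terms-2018-05-25"
CONSENT_FIELD = "agree_terms"
CONSENT_VALUE = "yes"
HSTS_HEADER = "max-age=31536000; includeSubDomains"


@dataclass(frozen=True)
class ConsentRecord:
    """What to store as evidence of consent, instead of a bare True/False."""
    email: str
    terms_version: str
    consented_at: str  # ISO-8601 timestamp in UTC
    source: str        # which form collected it, e.g. "signup" or "checkout"


class ConsentError(ValueError):
    """Raised when a submission does not carry an explicit opt-in."""


def render_consent_checkbox() -> str:
    # Deliberately never emits the `checked` attribute: the box must start
    # unticked so that ticking it is an action the visitor actually takes.
    # `required` makes the browser refuse to submit until it is ticked, but
    # that is a convenience only; the server-side check below is the control.
    return (f'<input type="checkbox" name="{CONSENT_FIELD}" '
            f'value="{CONSENT_VALUE}" required> I agree to the terms')


def record_consent(form: Mapping[str, str], source: str,
                   now: Optional[datetime] = None) -> ConsentRecord:
    """Accept a submitted form only if the consent box was actively ticked.

    Browsers omit an unticked checkbox from the submission entirely, so a
    missing field means "no consent". We also require the exact value the
    form renders, so a stray or default value (e.g. "on") does not count.
    """
    email = (form.get("email") or "").strip()
    if not email:
        raise ConsentError("email missing")
    if form.get(CONSENT_FIELD) != CONSENT_VALUE:
        raise ConsentError("explicit consent not given")
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    return ConsentRecord(email=email, terms_version=TERMS_VERSION,
                         consented_at=stamp, source=source)


def enforce_https(scheme: str, host: str, path: str) -> Tuple[int, Dict[str, str]]:
    """Site-wide HTTPS: 301 plain-HTTP requests to the https:// URL, and tell
    browsers to stay on HTTPS (HSTS) once they are there.

    `path` is the request path including any query string. If the app sits
    behind a TLS-terminating proxy, `scheme` should come from the proxy's
    X-Forwarded-Proto header and be trusted only when the request came from
    that proxy.
    """
    if scheme.lower() != "https":
        return 301, {"Location": f"https://{host}{path}"}
    return 200, {"Strict-Transport-Security": HSTS_HEADER}


if __name__ == "__main__":
    # Constructed sample submissions: ticked, untouched, and a default value.
    ok = record_consent({"email": "a@example.com", CONSENT_FIELD: "yes"}, "signup")
    print("recorded:", ok)
    for bad in ({"email": "b@example.com"},
                {"email": "c@example.com", CONSENT_FIELD: "on"}):
        try:
            record_consent(bad, "checkout")
        except ConsentError as exc:
            print("rejected:", bad, "->", exc)
    print(enforce_https("http", "shop.example.com", "/checkout?step=2"))
    print(enforce_https("https", "shop.example.com", "/checkout?step=2"))
```

The checkbox must be unticked in the HTML because the server only ever sees the submitted value; a pre-ticked box and a deliberately ticked one are indistinguishable on the wire, which is why the consent record also captures the terms version and timestamp rather than just a flag. In a real deployment the HTTPS redirect and HSTS header usually belong in the web server or load balancer configuration, but the logic is the same.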
GDPR Checklist – a full checklist is available here
The above is a quick interpretation to assist our clients. We suggest that, if you deal with customers or suppliers in the EU, you check with your legal advisers about the detailed requirements, and with your accountant about transaction data retention requirements, particularly if your online store is the primary record of your transactions.