Posted: 11th June 2018
Posted in: Latest News
You may recently have received information from Google or other providers regarding the European Union General Data Protection Regulation (the GDPR), which came into force on 25 May 2018.
So, what is the GDPR, and is it something that you, as an Australian business, should be concerned about? We have put together the following to explain it and give simple answers.
The GDPR is the European Union regulation covering data protection, retention and privacy. It is designed to regulate and protect the personal data of individuals who reside in the EU through the whole cycle of collection, retention, use, transfer/sharing and deletion of that data.
The GDPR covers similar ground to the Australian Privacy Act and Australian privacy law generally, but it is considered more wide-ranging and comprehensive. It is also reasonable to expect it to become the benchmark for privacy legislation across the globe.
In simple terms the central requirements of GDPR are:
For those who want more detail, read on.
The first question to ask yourself is: 'do you supply goods or services to individuals in the EU?' If you do, your business will be expected to comply.
The second question is: 'do you deal with any personal information held by EU corporate customers or suppliers?' In other words, do any suppliers pass information about EU citizens down the line to you, or process personal information on your business's behalf? If they do, you should also comply.
While the GDPR is complex in detail, the practical requirements for a website or online store essentially come down to:
Privacy Policy – The first step is to make sure your Privacy Policy and/or Terms & Conditions are accurate, up to date and clearly communicate to the user exactly what data you are collecting, how you intend to use it and how they can easily contact you if they wish to check, amend or delete their data. We recommend running your Privacy Policy past your legal people to ensure it covers all aspects of the privacy requirements.
Consent – all consent must be an explicit, action-based opt-in: never set checkboxes to 'Yes' or 'I Agree' by default, and keep a record of what was agreed to and when. For an online store, an 'Agree to terms' step at both sign-up and checkout is suggested.
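The server-side half of the consent rule, as an added example for this post (not 7thVision's code): the browser cannot be trusted to have left the box unticked, so the server counts consent as given only when the form carries an explicit affirmative value for each purpose, never by default, and keeps an audit record of what was agreed to, when, and under which policy version. The field names, purposes and policy text are assumptions for the illustration.

```python
"""Explicit opt-in consent handling for a sign-up or checkout form.

Added example, not code from the original post. Assumed conventions:
each purpose is a checkbox named consent_<purpose>; a ticked box submits
an affirmative value; an absent or empty field means 'not consented'.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Purposes the form asks about (assumed). "required" ones block the transaction.
PURPOSES = {
    "terms": {"label": "Terms & Conditions and Privacy Policy", "required": True},
    "marketing": {"label": "Email newsletter", "required": False},
}
# Values an explicitly ticked checkbox may submit, depending on the form library.
AFFIRMATIVE = {"yes", "on", "true", "1"}


@dataclass
class ConsentRecord:
    """Audit record: who agreed to what, when, and under which policy text."""
    user: str
    policy_version: str
    policy_sha256: str
    given_at: str
    purposes: dict = field(default_factory=dict)


class ConsentError(ValueError):
    """Raised when a required consent was not explicitly given."""


def parse_consent(form, purposes=PURPOSES):
    """Map each purpose to True/False. Only an explicit affirmative counts as True;
    a missing field, an empty string or any other value is treated as 'no'."""
    result = {}
    for name in purposes:
        raw = form.get(f"consent_{name}")
        result[name] = raw is not None and str(raw).strip().lower() in AFFIRMATIVE
    return result


def missing_required(given, purposes=PURPOSES):
    """Names of required purposes the user did not consent to."""
    return [n for n, p in purposes.items() if p["required"] and not given.get(n)]


def record_consent(user, form, policy_text, policy_version, purposes=PURPOSES, now=None):
    """Validate the submission and return an audit record, or raise ConsentError.

    The hash of the policy text pins the record to the exact wording shown,
    so a later policy change cannot be mistaken for what the user agreed to.
    """
    given = parse_consent(form, purposes)
    missing = missing_required(given, purposes)
    if missing:
        raise ConsentError("consent not given for required purposes: " + ", ".join(missing))
    ts = (now or datetime.now(timezone.utc)).isoformat()
    return ConsentRecord(
        user=user,
        policy_version=policy_version,
        policy_sha256=hashlib.sha256(policy_text.encode("utf-8")).hexdigest(),
        given_at=ts,
        purposes=given,
    )


# Constructed sample data for an offline demonstration.
SAMPLE_POLICY = "Sample privacy policy text (constructed for this example)."

if __name__ == "__main__":
    # A user who ticked the terms box but not the newsletter box.
    rec = record_consent("alice@example.com", {"consent_terms": "on"}, SAMPLE_POLICY, "2018-05")
    print("recorded:", rec)
    # A submission where the terms box was left unticked (field absent or empty).
    try:
        record_consent("bob@example.com", {"consent_terms": "", "consent_marketing": "yes"},
                       SAMPLE_POLICY, "2018-05")
    except ConsentError as e:
        print("rejected:", e)
```

The one thing the server cannot check is whether the box was pre-ticked in the page template, so that still has to be verified by looking at the form's HTML; the server-side rule above simply makes sure nothing is recorded as consent unless the browser sent an affirmative value.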
Only Collect What You Need – only collect what you really need. If you don't need a date of birth or other details, don't ask for them. If you do, tell the user why you need it and how it will be used (in the Privacy Policy).
HTTPS (TLS Encryption) – any website capturing personal information in any way should use HTTPS site-wide, not just on the login or checkout page, with plain-HTTP requests redirected to HTTPS. 'SSL' is the older name for this; today's certificates actually use its successor, TLS. This is now a baseline expectation.
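A quick way to check that "site-wide" really is site-wide, as an added example for this post (not 7thVision's code): plain-HTTP requests must redirect to HTTPS, the HTTPS response should send a Strict-Transport-Security header so browsers stop trying HTTP at all, and the page must not post forms to or load scripts/images from http:// URLs. The fetch function is injected so the same audit runs against constructed responses offline or against a live host with the urllib-based fetcher; the hostnames and responses below are constructed.

```python
"""Audit whether a site enforces HTTPS site-wide.

Added example, not code from the original post. `fetch(url)` must return
(status, headers, body) without following redirects.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

ONE_YEAR = 31536000  # the HSTS max-age most guidance treats as the minimum


def urllib_fetch(url, timeout=10):
    """Fetch `url` without following redirects; returns (status, headers, body)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # make urllib raise HTTPError on 3xx instead of following it
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 3xx and 4xx/5xx land here
        return e.code, dict(e.headers), ""


def _header(headers, name):
    """Case-insensitive header lookup."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


# Form actions and loaded sub-resources that point at plain http://
_FORM_ACTION = re.compile(r'<form[^>]*\saction=["\']?(http://[^"\'\s>]+)', re.I)
_HTTP_RESOURCE = re.compile(
    r'<(?:script|img|link|iframe)[^>]*\s(?:src|href)=["\']?(http://[^"\'\s>]+)', re.I)


def audit_https(host, fetch=urllib_fetch, path="/"):
    """Return a list of findings; an empty list means HTTPS looks enforced."""
    findings = []

    # 1. Plain HTTP must redirect to an https:// URL.
    status, headers, _ = fetch(f"http://{host}{path}")
    location = _header(headers, "Location") or ""
    if status not in (301, 302, 307, 308):
        findings.append(f"http://{host}{path} answered {status}; expected a redirect to HTTPS")
    elif urlparse(location).scheme != "https":
        findings.append(f"http://{host}{path} redirects to {location!r}, not an https:// URL")
    elif status in (302, 307):
        findings.append(f"http://{host}{path} uses a temporary redirect ({status}); prefer 301/308")

    # 2. The HTTPS response should carry HSTS with a long max-age.
    status, headers, body = fetch(f"https://{host}{path}")
    if status != 200:
        findings.append(f"https://{host}{path} answered {status}")
    hsts = _header(headers, "Strict-Transport-Security")
    if not hsts:
        findings.append("no Strict-Transport-Security header on the HTTPS response")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append(f"HSTS max-age too short: {hsts!r} (want >= 1 year)")

    # 3. No forms posting to, or resources loaded from, plain http://.
    for action in _FORM_ACTION.findall(body):
        findings.append(f"form posts over plain HTTP: {action}")
    for url in _HTTP_RESOURCE.findall(body):
        findings.append(f"mixed content loaded over plain HTTP: {url}")
    return findings


# Constructed sample responses for an offline demonstration (not real sites).
SAMPLE_RESPONSES = {
    "http://shop.example/": (301, {"Location": "https://shop.example/"}, ""),
    "https://shop.example/": (
        200, {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"},
        '<html><form action="/checkout" method="post"></form>'
        '<script src="https://cdn.example/app.js"></script></html>'),
    "http://weak.example/": (200, {}, "<html>served over plain http</html>"),
    "https://weak.example/": (
        200, {},
        '<html><form action="http://weak.example/signup" method="post"></form>'
        '<img src="http://weak.example/logo.png"></html>'),
}


def sample_fetch(url, timeout=10):
    """Offline stand-in for urllib_fetch using the constructed responses."""
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    for host in ("shop.example", "weak.example"):
        findings = audit_https(host, fetch=sample_fetch)
        print(host, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

To run it against a real site, call `audit_https("www.yourdomain.com.au")` with the default fetcher; checking only the home page is a starting point, so repeat it for the sign-up and checkout paths, which are the ones that actually carry personal data.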
GDPR Checklist – a full checklist is available here
The above is a quick interpretation to assist our clients. If you deal with customers or suppliers from the EU, we suggest you check with your legal contacts to explore the detailed requirements, and with your accountant about transaction data retention requirements, particularly if your online store is the primary record of your transactions.
© 2004 - 2024 7thVision - Web Design Gold Coast