General Data Protection Regulation – Guidance for Australian Businesses

The scope of the General Data Protection Regulation (GDPR) is very broad and applies to non-European businesses. In an increasingly global and interconnected business market place, the vast majority of Australian businesses risk triggering the application of the GDPR.

Australian businesses of any size are required to comply with the GDPR if they:
• have an establishment in the European Union (EU) and process personal information as part of their activities;
• offer goods and services in the EU; or
• monitor the behaviours of individuals in the EU.

The new GDPR major game changes include:
• An expanded scope (now applying to non-EU companies)
• Consent requirements and guidance made more stringent;
• Data breach reporting requirements;
• Significantly increased fines (Max EUR 20 million or 4% of annual worldwide turnover);
• New profiling restrictions.

The GDPR has some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act. This module will assist you to understand whether your businesses are covered by the GDPR, and if so, take steps to implement any necessary changes to ensure compliance. This course relies on resource provided by the Office of the Australian Information Commissioner.