GDPR: The Basics for Australian businesses

The General Data Protection Regulation (GDPR) is approaching (25th May 2018) and will affect any organisation that processes personal data relating to people in the EU. Here’s what you need to know as an Australian business.

What is it?

GDPR is an EU regulation and is applicable as law in all 28 EU countries. It concerns personal data relating to people in the EU.

Generally speaking, it outlines principles such as processing data in a lawful, fair and transparent manner, data minimisation, data accuracy, and the elimination of any outdated/unused data.

The regulation exists to give individuals stronger rights over their own personal data, and to implement stricter accountability than the 1995 Data Protection Directive.

Essentially, GDPR aims to modernise data protection to fit in with today’s landscape. GDPR will be applicable from the 25th May 2018.

Who does it apply to?

The law applies to two categories of organisation. The first is data controllers, which refers to any organisations which have relationships with data subjects. The second is data processors, which refers to any organisations which work for data controllers and process personal data on their behalf. The scope is also geographic, meaning any organisation which holds the data of people in the EU is affected.

Those are the very basics of GDPR. Our later blog posts will outline the rights of data subjects as well as the responsibilities of data controllers, to help Aussie organisations prepare for the regulation.

For more information on GDPR, head to the official European Commission site here. For Australian businesses, the OAIC has compiled a resource here.