Will your organisation be affected by the EU's General Data Protection Regulation?
The European Union's General Data Protection Regulation is due to begin in May 2018
In 2018, the Australian and global privacy and data landscape is shifting significantly, with the introduction of both:
- mandatory data breach notification (MDBN) under the Australian Privacy Act 1988 (Cth); and
- the new European Union privacy regime, the General Data Protection Regulation (GDPR).
Organisations should by now have taken steps to prepare for MDBN, which became law on 22 February. But many Australian organisations are not yet so familiar with the GDPR, which will come into effect on 25 May 2018.
The GDPR does not only apply to organisations based in the EU – instead, many Australian organisations will be caught by the GDPR. The GDPR will apply to organisations if they process the personal data of people in the EU and do any of the following:
- offer goods or services to people in the EU – for example, on a website or in marketing material that is in a European currency or language;
- monitor the behaviour of people in the EU – for example, by using cookies or other data processing or techniques which track individuals online; or
- have an office in the EU.
Where the GDPR applies, it is very demanding and the potential fines for non-compliance are eye-watering – up to €20 million or four percent of annual global turnover (whichever is higher).
This is an optimal time for organisations to:
- consider whether they fall within the ambit of the GDPR;
- map their data flows and understand the privacy implications; and
- review and, if necessary, amend their practices, policies and contracts to ensure that they are GDPR-compliant.
Maddocks offers a ‘privacy by design’ approach to proactively ensure whole organisations are privacy compliant. We believe that organisations who are robustly prepared can adjust to the new privacy and data landscape with confidence. For more information about the new privacy laws and practical ways to prepare for them, you can access our framework for preparing for the new mandatory data breach laws and our GDPR survival guide, both of which are co-authored with data security experts Commvault.
New point of law: What can be considered as a protected document?
A look at Environment Protection Authority v Sydney Water Corporation  NSWLEC 119.
Applications to replace trustees in bankruptcy: Insights for trustees from the bankrupt estate of Salim Mehajer
By Marelda Hibberd & Michael Wells
The Court’s judgment and insights to assist trustees navigate difficult estates and deal with recalcitrant bankrupts.
Australian Modern Slavery Act Review: what you need to know and how you can prepare
By Sonia Sharma, Chloe Tutt, Javvad Jaffry, Colin Yuan
Our anti-modern slavery compliance experts outline some of the key recommendations from the Report.
Stormy weather delays Microsoft’s acquisition of Activision Blizzard
Global regulators out of sync on Microsoft's $69 billion purchase of video game giant.