Exactly what do Europe’s new privacy laws mean for your business?
Have you ever mentioned to a friend in passing a need you have, or a product you’re interested in trying, only to have that very product or service pop up in an ad while you’re online? With the GDPR, there should theoretically be less mystery surrounding those ads, as companies need to be upfront about how they’re using your personal data; for example, if they’re using it to create profiles of people’s online actions and habits in order to influence ads.
Basically, the new law aims to hand control back to the consumer. Although we’ve all been warned that what’s on the internet is there forever, social networks will now be obliged to comply with a user’s request to delete photos posted when that user was a minor, and in that scenario also to inform search engines that the photo must be removed. Not only can users regain control of their personal data, but they will also be able to better understand and scrutinise the ways they allow their personal information to be used online in the future.
Because the GDPR is a European law, you may think it doesn’t affect you or your business in Australia, but it actually has a worldwide impact. While the GDPR has many similarities to the Australian Privacy Act, there are a few notable differences, such as the “right to be forgotten”, which isn’t covered under Australian law. Not all Aussie businesses need to comply with the GDPR, but if yours has an establishment in the EU (regardless of whether it processes personal data in the EU), or offers goods and services to, or monitors the behaviour of, individuals in the EU, you will need to be compliant.
You can get more information on compliance on the Office of the Australian Information Commissioner (OAIC) website.