NEW GDPR CYBER SECURITY LAWS - WHAT DO THEY MEAN?

Exactly what do Europe’s new privacy laws mean for your business?

Unless you’ve been on a desert island without Wi-Fi for the past month (and if you have, welcome back you lucky thing!) you’ll be aware at the very least that Europe has new privacy laws. You’ll also be aware from the hype and (mild) hysteria in the news and over your social media networks that they’re kind of a big deal, and you’ve probably received (and subsequently deleted) enough privacy policy update emails to rival the likes of Click Frenzy day.

Basically, as a result of the massive data breach that occurred during the 2016 US Presidential Election campaign, where data-mining firm Cambridge Analytica was able to harvest data from potentially more than 87 million Facebook users, not only has Facebook changed its privacy policy, but European law has been changed to ensure consumers are aware of how their personal data is being used.

Known as the General Data Protection Regulation, or GDPR, this law means the end of endless blocks or pages of fine print, or having to tick a box agreeing to the privacy policy before you can sign up to a webpage. Instead, business owners need to be absolutely clear about how they collect and use personal data (things like full name, home address, location data, IP address, and the use of identifiers that track web and app use on smartphones).

Have you ever merely mentioned in passing to a friend a need you have, or a product you’re interested in trying, only to have the very product or service pop up in an ad while you’ve been online? With the GDPR, there should theoretically be less mystery surrounding those ads, as companies need to be upfront about how they’re using your personal data; for example, if they’re using it to create profiles of people’s online actions and habits in order to influence ads.

Basically, the new law is aiming to hand back control to the consumer. Where we’ve all been warned that what’s on the internet is there forever, social networks will now be obliged to comply with user requests to delete photos posted when they were a minor, and in that scenario also inform search engines that the photo must be removed. Not only can users regain control of their personal data, but they will also be able to better understand and scrutinise the ways they allow their personal information to be used online in the future.

As a European law, you may think this doesn’t affect you or your business in Australia, but it actually has a worldwide impact. While the GDPR has many similarities to the Australian Privacy Act, there are a few notable differences, such as the “right to be forgotten”, which isn’t covered under Australian law. Not all Aussie businesses need to comply with the GDPR, but if yours has an establishment in the EU (regardless of whether it processes personal data in the EU), or offers goods and services to, or monitors the behaviour of, individuals in the EU, you will need to be compliant.

You can get more information on compliance on the Office of the Australian Information Commissioner (OAIC) website.

Also, check out our blog on how the changes to Facebook’s privacy policy affect your business.