New privacy laws with Potential Fines of €20M or 4% of Turnover for Australian Businesses

TIME TO UPDATE YOUR PRIVACY POLICY

Australian businesses can be liable for huge fines under new data protection laws in the European Union.

WHAT IS THE GDPR?

The General Data Protection Regulation (“GDPR”) of the European Union (“EU”) sets out strict data protection laws aimed at harmonising the handling of personal data across the EU. It is not limited to online activity: it applies to any processing of personal data, whether collected through a website, over the phone or on paper.

The requirements of the GDPR are broadly similar to those set out in the Privacy Act 1988 (Cth) (“Privacy Act”) of Australia, but the new EU legislation has much harsher penalties.

HOW COULD THIS APPLY TO ME?

Although the GDPR is European legislation, it has extra-territorial application that can catch out unsuspecting Australian businesses.

Even if your business does not have an establishment in the EU, you could be liable if your business “controls” or “processes” personal data of data subjects in the EU, where those activities relate to:

  • offering goods or services to individuals located in the EU, irrespective of whether payment is required (the test is where the individual is, not their citizenship); or
  • monitoring their behaviour, as far as that behaviour takes place within the EU. This could include tracking how visitors located in the EU interact with your website (for example through analytics cookies) and social media accounts.

WHAT ARE THE PENALTIES?

The penalties for breaching the GDPR could be crippling to your business.  For the most serious breaches, you could be fined up to the higher of:

  • €20 million; and
  • 4% of the total worldwide turnover of your business in the preceding financial year.

These are maximum amounts.  A lower tier of up to €10 million or 2% of worldwide turnover applies to less serious breaches, and any fine must be proportionate to the infringement, but even a fraction of these amounts would be serious for most Australian businesses.

Not a risk worth taking.

HOW DO I BECOME COMPLIANT?

To comply with the GDPR, you need to:

  • understand the rights the GDPR grants to data subjects in the EU (such as the rights to access, correct and erase their personal data) and have a process for honouring them; and
  • update your website Privacy Policy so that it accurately describes what personal data you collect, why you collect it and who you share it with. You may also need to update related legal documentation, such as your terms of business.

If your business has no establishment in the EU, it may also need to appoint a representative in the EU as a point of contact for EU data subjects and regulators.

PRIVACY POLICY UPDATES

As the penalties for non-compliance are so large, consult a lawyer to update your Privacy Policy to take into account the GDPR requirements.  If you don’t have a Privacy Policy, put one in place now to address both Australian and overseas laws.  A Privacy Policy must describe what your business actually does with personal data, so review your data-handling practices at the same time: a policy that does not match practice will not protect you.

You could be fined up to €20 million or 4% of annual global turnover for breaching the GDPR, even if your business has no EU establishment.


ABOUT FINN ROACHE LAWYERS

At Finn Roache, we offer a bespoke personal service that’s tailored to your needs. First established in 1921, we have been offering commercial and corporate advice to the business community for almost 100 years. As a boutique firm, our clients are at the heart of what we do. Our clear communication and practical approach have won us a loyal client base across a century of work. We specialise in helping businesses at every stage of their lifecycle, from start-up to sale, expansion to acquisition.

CONTACT

Daniel Georges

Principal

T: 02 8297 1100
E: [email protected]

This guide should not be relied on as a substitute for obtaining legal, financial or other professional advice.  It is intended to provide general information only and is not intended to be comprehensive.  The contents do not constitute legal, financial or taxation advice and must not be relied upon as such.  You must seek specific professional advice tailored to your personal circumstances before taking any action based on this publication.

Should you require legal advice, please contact us.