Resources for Professional Firms

Why Australian businesses need to pay attention to the EU General Data Protection Regulations

Australian accountant Jamie Towers explains the potential ramifications of new data protection rules in Europe for Australian businesses.

Main Image

Australian businesses will now have to consider whether new European privacy regulations will apply to them. Jamie Towers, partner at Hanrick Curran and Asia Pacific Chair of Alliott Group, comments that while the GDPR share many similar principles of the Australian Privacy Act, "they go further and require businesses to take active steps to protect individuals' privacy, including an ‘opt in’ approach to tackling SPAM."

The European Union (EU) General Data Protection Regulations (GDPR) contain new data protection rules that apply from 25 May 2018. Towers comments that Australian businesses will need to comply with GDPR if they have an establishment in the European Union (EU), offer goods or services in the EU or monitor behaviour of individuals in the EU. 

Practical steps Australian businesses need to take

Towers explains that once GDPR is operational, businesses are required to secure the consent of individuals to handling their personal data (opt in): "This consent must be freely given, specific, informed and unambiguous. For example, individuals must click a button, or consent in writing (e.g. email) to continue to receive communications your communications. Silence, or inactivity, or providing pre-completed consent boxes are not considered consent. Neither is assumed consent with an unsubscribe button at the bottom of an email. In addition, if people do consent to communication, opting out of further communications must also be simple."

Breaches could incur stiff financial penalties

According to Towers, sanctions for breaches of the new regulations can be as high as Euros 20 million in fines or 4% of company turnover, whichever is higher.

What next?

If your business has customers in Europe, or you have contacts in Europe that receive your communications, you should consider how these new regulations will apply and take steps to comply. For help and advice, contact Jamie Towers in Brisbane, Australia or visit our GDPR resource hub