- complete a contact form
- buy something from an online store
- sign up for a lead magnet
- sign up to a newsletter
- what GDPR is
- how it impacts Australian business owners, and
- what steps you can take to ensure compliance
What does GDPR stand for?
Is Australia a GDPR country?
- Have EU customers or website visitors
- Offer goods or services to EU residents
- Monitor the behaviour of individuals in the EU
Key GDPR principles
There are six privacy principles in the GDPR:
- Lawfulness, fairness, and transparency. You need to ensure your data collection policies don’t break the law, and that you aren’t hiding anything from your customers/clients. This is why having an easily accessible privacy policy is important. To remain transparent, make it clear in your privacy policy what type of data you collect and why you are collecting it.
- Purpose limitation. You should only collect personal data for a specific reason and clearly say what that reason is. Only keep that data for as long as necessary to complete the outlined purpose.
- Data minimisation. You must only process the personal data you actually need to achieve your stated processing purposes. There are two reasons for this. Firstly, in the event of a data breach, the unauthorised individual will only have access to a limited amount of data. Secondly, data minimisation makes it easier to keep the data accurate and up to date.
- Accuracy. Accuracy of personal data is an essential part of data protection. The GDPR requires that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete.
- Storage limitation. You need to delete personal data when it’s no longer necessary. How long is that? As long as the individual is considered a customer or client. This will vary from business to business. Therefore, it may be appropriate for you to seek legal advice about this.
- Integrity and confidentiality. The GDPR requires personal data to be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Practical steps for GDPR compliance in Australia
If you have a subscriber list that includes EU subscribers, or you market your goods or services to EU citizens, then you’ll need to comply with the GDPR. Failure to do so may result in serious fines for breaching privacy.
- Have a privacy policy on your website. Ensure it’s easy to find on your website. I have it included in my footer.
- Ensure your privacy policy is GDPR compliant. Be mindful that having a privacy policy that complies with the Australian Privacy Policies (“APP”) is a great start, but the GDPR gives individuals even broader rights. Therefore, your privacy policy may require updating to cover the GDPR in addition to the APP.
- Store personal data in a readily available format. The GDPR gives individuals the right to be informed, to access their personal information, to have their personal information corrected, to data portability, to object to the processing of their personal information, and rights in relation to automated decision-making and profiling.
- Remember that under the GDPR, consent must be explicit. Implied consent is not enough. Individuals may withdraw consent at any time.
- Check your subscriber or mailing list, if you have one. Contact any EU residents on your list and obtain their express consent to keep their information. If express consent is not forthcoming, you will need to delete their information.
- Update the contact form on your website to include a check box that reads something like “I have read your privacy policy and agree to you storing information on this form”. Do not have the box pre-checked. And have the words ‘privacy policy’ linked to your Privacy Policy page.
- Make it easy for individuals to unsubscribe from your marketing emails or have their information deleted. Platforms such as ActiveCampaign or MailerLite are good as they have an unsubscribe option in their emails.
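As an added example (not code from the original post), this is the server side of the consent check box described above: a submission whose box the visitor did not tick themselves is refused, and the personal data is only stored together with a consent record that notes the policy version and time and that can be withdrawn later. The field names and the policy version label are assumptions.

```javascript
// Assumed label for the privacy policy wording that was in force when consent was given.
const PRIVACY_POLICY_VERSION = "2024-01-v1";

// Explicit consent means the visitor ticked the box. A browser only sends a
// checkbox field when it is ticked (default value "on"), so a missing field is
// "no consent". A filled-in email or a submitted form is never taken as implied
// consent, and a value set by anything other than the form post is not accepted.
function hasExplicitConsent(fields) {
  return fields.consent === "on";
}

// The record to keep alongside the submission: who consented, to what purpose,
// under which policy version, and when. Returns null when consent is absent so
// the caller must refuse to store the personal data at all.
function buildConsentRecord(fields, now = new Date()) {
  if (!hasExplicitConsent(fields)) return null;
  return {
    subject: fields.email,
    purpose: "contact-form",
    policyVersion: PRIVACY_POLICY_VERSION,
    grantedAt: now.toISOString(),
    withdrawnAt: null,
  };
}

// Consent can be withdrawn at any time. The record is kept with the withdrawal
// time rather than deleted, so you can later show the withdrawal was honoured.
function withdrawConsent(record, now = new Date()) {
  return { ...record, withdrawnAt: now.toISOString() };
}

// Handles one form post: reject without consent, otherwise store only the
// fields the form actually needs together with the consent record.
function handleSubmission(fields, store, now = new Date()) {
  const consent = buildConsentRecord(fields, now);
  if (!consent) {
    return { status: 400, error: "Explicit consent to the privacy policy is required." };
  }
  const { name, email, message } = fields; // data minimisation: nothing else is kept
  store.push({ fields: { name, email, message }, consent });
  return { status: 200 };
}

// Constructed sample posts: one with the box ticked, one without.
const submissions = [];
handleSubmission({ name: "A. Visitor", email: "a@example.com", message: "Hi" }, submissions);
handleSubmission({ name: "A. Visitor", email: "a@example.com", message: "Hi", consent: "on" }, submissions);
```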
Conclusion
Do not let the GDPR prevent you from having clients who are EU residents. See it as an opportunity to strengthen your data protection practices.
All you need to do is ensure that you’re GDPR compliant.
Need help with your GDPR or Privacy Policy wording?
If you need GDPR wording for your Privacy Policy, you can purchase the wording from Legal123. And if your website doesn’t have a Privacy Policy page, you can also purchase Privacy Policy wording too.
Note: This blog post isn’t intended to replace appropriate legal advice.