In May 2018 the European Union (EU) enforced new data privacy laws, which aimed to protect EU citizens’ online data while reshaping companies’ approach to data privacy on a global scale.


The General Data Protection Regulation (GDPR) introduced policies surrounding consent, access and erasure of data as well as data breach penalties for all companies processing personal data of subjects residing in the EU. With fines up to 2% of a company’s global turnover, the GDPR has unsurprisingly led to companies that service EU citizens reforming their data handling policies, storage and infrastructure in order to become compliant.  

While the GDPR was introduced in the EU, the Australian government is starting to move in a similar direction. The Notifiable Data Breach (NDB) scheme was introduced in February 2018 with significant penalties for data breaches and non-compliance. With increasing public concern around data privacy, Australian organisations need to start to plan for further tightening of data protection and privacy laws in Australia that will bring us closer to the EU’s GDPR laws.

 

What is GDPR?

The most significant effect of the GDPR is the established and prioritised rights of data subjects including their right to;

  • Be Informed – Conditions of consent are stricter with companies no longer able to use legal jargon in their terms and conditions. Consent must be informed, given in an accessible form and able to be retracted.
  • Access – Subjects must be able to access all data a company holds pertaining to them and have the right to ask where, and for what purpose, data is being held or used.
  • Rectify – Subjects have the right to ask for their personal data to be amended, either partially or in full.
  • Erase – Subjects have the right to ask for full erasure of all their personal data including and for a company to cease further dissemination of data or processing by third parties.

Additionally, the severity of penalties for data breaches has increased considerably, making compliance essential for any company dealing with Personally Identifiable Information (PII).

What are the Consequences?

Organisations operating in the EU (which includes non-EU companies collecting EU citizens’ data, or EU companies collection non-EU citizens’ data) who are in breach of GDPR can be fined up to 2% of their global turnover for the preceding financial year or 10 million euros – whichever is greater.

While the NDB in Australia is less severe, penalties of up to $10 million (or 10% of the company’s domestic annual turnover) still apply to all businesses and not-for-profits with annual revenue exceeding $3 million, and all health care providers, credit providers, credit reporting bodies and entities that trade in personal information.
 

In the first year of GDPR over $89 million in fines have been handed down with over 206,000 cases and 94,622 individual complaints… - IAPP


How to Prepare for Tighter Online Privacy Laws  

Whilst laws at the same level as GDPR may not have arrived in Australia, organisations can start to prepare for the inevitable changes to put the foundations in place for future compliance.


Audit
An initial audit of will determine your existing level of compliance to Australian privacy laws as well as provide a baseline of your current data handling competency.
An audit would include a review of your infrastructure to make sure you are able to access and control all data that you collect (or data that is collected on your behalf), examining how you classify your data to identify PII and a review of your existing policies and procedures relating to data collection, handling, storage and usage.

Centralise
When making decisions on your Marketing Technology (MarTech) stacks you should try to avoid setting up fragmented multi-platform solutions – while these can be integrated for compliance, it can be difficult and costly to implement and maintain. Where possible you should try to centralise your MarTech stack to simplify and unify your data handling processes. 

All-in-One Content Management Systems (CMSs) exist to integrate content management, ecommerce and digital marketing in one solution. Various enterprise platforms such as Kentico, Sitecore and Episerver offer an all-in-one option and, with careful selection based on your company’s unique needs, this can be configured to ensure both ease of data handling law compliance as well as optimal data security.    


Take Action
Once you’ve identified the gaps or shortcomings of your data handling processes, you’ll need to amend each policy, process or system to mitigate the risk of a data breach. This will include:

  • Altering (or creating) data handling policies
  • Adjusting your Privacy Policy
  • Ensuring you’re able to access all stored data
  • Ensuring you’re able to amend, erase or provide access to all stored data if requested by a data subject
  • Providing data handling training for all staff involved in these processes
  • Creating a procedure for the event of a data breach
 

PwC surveyed 200 companies with more than 500 employees and found that 68% planned on spending between $1 and $10 million to meet the GDPR regulation’s requirements.


If you’re not overly familiar with what your data handling responsibilities are, we recommend you seek guidance from those who do. Many digital agencies will offer consulting services and provide expertise on auditing, centralising and amending data handling policies, procedures and systems. Look for an agency who has data handling certifications and extensive experience working with data on an international level.

If you’re concerned about your company’s compliance with Australian or European data privacy laws, please get in touch to hear from one of our data experts.

You may also like

Revium Earns Data Handling Trust Mark

With more than 20% of our CX, Data and Digital consultants now certified, Revium has earned the ADMA Trust Mark. This data security and handling accreditation gives our clients confidence and verifies Revium’s ability to handle sensitive data in line with legal and ethical obligations.

Keep Reading

Digital Marketing Services

We offer professional, data driven end-to-end services across all digital channels. Digital marketing works in a way that traditional marketing doesn't: it allows us to measure the performance of every aspect of your digital marketing program to ensure you are getting optimal ROI for your marketing spend.

Keep Reading

News Bytes
  • Integrated IPPayment API with Alinta My Account website for online bill payment and processing

  • Built a fully customised price and deal management web application with sophisticated pricing formulas and business rules for Alinta Energy

  • Built custom MVC .NET to extend CPD system with functionality for audit, grace periods and automatic rollover for College of Anaesthetists

  • Implemented responsive web design using RESS for Clearview

  • Created 120 interactive PDF web forms using Adobe AEM Forms for Land Victoria's automated workflow

  • Built online dispute lodgment using .NET MVC and SQL Data Replication for Financial Ombudsman Service

Newsletter sign up

Every couple of months we send out an update on what's been happening around our office and the web. Sign up and see what you think. And of course, we never spam.