Complying with privacy law in a global digital economy - Do you have the tools?

Regulatory trends introduced by the GDPR are likely to shape the future of Australasian privacy law

Complying with privacy law in a global digital economy - Do you have the tools?

The GDPR came into effect on 25 May 2018. You’ll have no doubt noticed a spike in messages arriving in your inbox in the week or two leading up to 25 May (and in the case of certain stragglers, a week or two after) notifying changes to your favourite service provider’s privacy policy. Congratulations if you managed to read to the end of any one of these privacy policies! Chances are that most in Australasia didn’t pay much attention.

However, if you’re counsel for a corporation which has an EU presence, maybe you did sit up and take notice: especially when you looked into the global reach of the GDPR, and when you saw that organisations who fail to comply can be fined up to the higher of €20 million, or 4% of global turnover. That’s a lot of money in anyone’s books.

Fortunately, in most cases, you can relax – for a moment or two. How the GDPR will apply in practice to us Antipodeans remains to be seen, but what does seem fairly certain is that EU regulators will initially focus on enforcement against those organisations (mostly large US tech companies) that have a significant EU presence. For organisations that don’t, you may have a bit of breathing space, which should give you some time to prepare.

First, figure out if the GDPR applies to you. If the GDPR does apply to you, then this toolkit will help you get compliant.

If you establish that you’re not (yet) subject to the GDPR, don’t stop there. Take a look at what you are doing with personal data; ensure compliance with domestic legal obligations; and set yourselves up for the inevitable regulatory change that will follow as the effects of the GDPR spill over into the Australasian market.

Australia recently introduced mandatory data breach notifications, and the maximum fines for privacy breaches were ramped up. New Zealand is reviewing its 25 year-old Privacy Act, and many of the proposed amendments have their genesis in the GDPR.

In short, regulatory trends introduced by the GDPR are likely to shape the future of Australasian privacy law. And in a global digital economy, consumers expect consistency of approach. Australasian business should look to what their EU counterparts are doing, and set themselves up not only for inevitable privacy reform here, but also to align their offering with customer expectations.

---

Campbell Featherstone

Hayley Miller

Campbell Featherstone is a senior associate at national law firm Kensington Swan. He works alongside Hayley Miller, a partner who leads the firm’s technology, media and telecommunications practice.

 

Free newsletter

Subscribe to our FREE newsletter service and we’ll keep you up-to-date with the latest breaking news, cutting edge opinion, and expert analysis affecting both your business and the industry as whole.

Please enter your email address below and click on Sign Up for daily newsletters from Australasian Lawyer.

Recent articles & video

‘Find and have confidence in your authentic voice,’ Ashurst lawyer says

Two new justices take the bench at the High Court

Ex-US bar presidents join the call for safe voting during the US elections

Logie-Smith Lanyon guides major property developer on $70m rail network co-development

Kobre & Kim expands Hong Kong partnership with offshore disputes veteran

Macpherson Kelley's inaugural CEO to retire

Most Read Articles

Macpherson Kelley's inaugural CEO to retire

MinterEllison WA managing partner appointed as secretary on World Services Group board

ASIC lays down historic penalty with NRF’s help

Holman Webb and Madgwicks Lawyers strengthen workplace practices with new partners