Complying with privacy law in a global digital economy - Do you have the tools?

Regulatory trends introduced by the GDPR are likely to shape the future of Australasian privacy law

Complying with privacy law in a global digital economy - Do you have the tools?

The GDPR came into effect on 25 May 2018. You’ll have no doubt noticed a spike in messages arriving in your inbox in the week or two leading up to 25 May (and in the case of certain stragglers, a week or two after) notifying changes to your favourite service provider’s privacy policy. Congratulations if you managed to read to the end of any one of these privacy policies! Chances are that most in Australasia didn’t pay much attention.

However, if you’re counsel for a corporation which has an EU presence, maybe you did sit up and take notice: especially when you looked into the global reach of the GDPR, and when you saw that organisations who fail to comply can be fined up to the higher of €20 million, or 4% of global turnover. That’s a lot of money in anyone’s books.

Fortunately, in most cases, you can relax – for a moment or two. How the GDPR will apply in practice to us Antipodeans remains to be seen, but what does seem fairly certain is that EU regulators will initially focus on enforcement against those organisations (mostly large US tech companies) that have a significant EU presence. For organisations that don’t, you may have a bit of breathing space, which should give you some time to prepare.

First, figure out if the GDPR applies to you. If the GDPR does apply to you, then this toolkit will help you get compliant.

If you establish that you’re not (yet) subject to the GDPR, don’t stop there. Take a look at what you are doing with personal data; ensure compliance with domestic legal obligations; and set yourselves up for the inevitable regulatory change that will follow as the effects of the GDPR spill over into the Australasian market.

Australia recently introduced mandatory data breach notifications, and the maximum fines for privacy breaches were ramped up. New Zealand is reviewing its 25 year-old Privacy Act, and many of the proposed amendments have their genesis in the GDPR.

In short, regulatory trends introduced by the GDPR are likely to shape the future of Australasian privacy law. And in a global digital economy, consumers expect consistency of approach. Australasian business should look to what their EU counterparts are doing, and set themselves up not only for inevitable privacy reform here, but also to align their offering with customer expectations.


Campbell Featherstone

Hayley Miller

Campbell Featherstone is a senior associate at national law firm Kensington Swan. He works alongside Hayley Miller, a partner who leads the firm’s technology, media and telecommunications practice.


Recent articles & video

American Bar Association issues ethics guidance on lawyers' use of listservs for pending matters

Canada joins international partners in addressing cyber security threats to civil society

US study finds largest law school scholarships awarded to white students

Hall & Wilcox assists Tobii Dynavox to acquire Link Assistive for $13m

Federal Court extends injunction against WA nursing union over misleading advertisements

HHG Legal Group grows employment team with two new hires

Most Read Articles

NSW Supreme Court sets trial date for landmark strip search class action

W+K adopts gen-AI tool designed for Australian legal market

M&A specialist Jim Langston joins Paul, Weiss Team in New York

G+T helps banks secure ACCC authorisation for mortgage aggregator assurance program