5 Quick Tips for GDPR Compliance


Posted by Minna Boyle on 15 March 2019

At the start of 2018, your inbox was probably getting flooded with emails from companies updating their Privacy Policies for the GDPR.

The General Data Protection Regulation (GDPR) is a European Union law that came into effect in May 2018.

Why is this such a big deal?

It’s because the GDPR introduced changes to EU privacy laws that impact businesses all around the world.

Any data collected from a customer in the EU is now protected under the GDPR. It doesn’t matter where the data is processed – even Australian businesses with EU customers have to comply.

If you’re worried about how the GDPR could impact your Australian business, check out our 5 quick tips for GDPR compliance.

But first…

Privacy Law in Australia

Before getting to the European laws, it’s important to remember that Australia also has privacy laws that Australian businesses must comply with.

The Australian Privacy Principles are quite stringent, but there are some extra considerations under the GDPR. We’ll take you through these differences in this article.

It’s also important to bear in mind that the GDPR is a complex regulation with many different requirements. It’s not possible to follow these 5 tips and know you are 100% compliant.

These tips are designed to help you address some of the most common changes Australian businesses need to make to get in line with the GDPR – if you need further compliance advice you should speak to a European lawyer.

Now let’s look at our 5 quick tips for GDPR compliance.

  1. Get A GDPR Compliant Privacy Policy

This one is easy and straightforward: Get a Privacy Policy that aligns with the GDPR privacy principles (as well as the Australian Privacy Principles).

Once you get this first step out of the way, you’ll be well on the right track.

That said, having a Privacy Policy is not enough. You actually have to do what the Privacy Policy says you will do! This is where the next 4 tips come in handy.

  2. Know About ‘Personal Data’ Under The GDPR

The types of personal information protected by the GDPR are more extensive than under Australian privacy law. You need to know what data is protected.

Under the GDPR, ‘personal data’ includes:

  • Name
  • Photo
  • Email address
  • Phone number
  • Mailing address
  • Identifying numbers (e.g. bank account number)
  • IP addresses
  • Biometric data (e.g. fingerprints)
  • Mobile device identifiers
  • Geo-location
  • Behavioural and demographic profiling data

  3. Get A Cookie Pop-Up

One easy step in the right direction is to add a cookie information pop-up to your website.

This should include a link to your cookies policy outlining exactly what information you collect from your website visitors. You can check out cookie-script.com for a free and simple solution.

  4. Know About ‘Consent’ Under The GDPR

The GDPR has strict requirements for what it means for people to consent for their personal data to be collected.

Some of these are:

  • “Opt-in” requirement: If you give customers a check-box option to receive more communications from you, make sure you leave the box unchecked. They have to actively give their consent by checking the box themselves.
  • “Obvious” requirement: Make sure your requests for consent are not hidden or ambiguous. Using a pop-up on your homepage is a good option.

  5. Store Your Data Properly

It’s a smart idea to clean up and invest in your data storage systems. You should try to find a good, secure CRM that can make sure your data storage is compliant.

At any time, you’re required to know the following things:

  1. The personal data you’re holding is secure.
  2. If necessary, you could find and access one person’s data in every place it’s stored.

This might sound pretty intense for a lot of small businesses. The reason for taking these measures is that under the GDPR, EU citizens have extra rights in relation to how and where their personal data is stored.

Subject Access Request

EU customers have the right to ask businesses how, why and where their personal data is being used. They can also request that this data be deleted immediately, and the business must comply with this request.

If an EU customer asks you how, why and where their personal data is being used, you must provide them with an honest response, along with a copy of their personal data in an electronic format – free of charge.

To save time and stress, it’s smart to have a process in place for this situation. Preparing a template document in advance that outlines to the customer all the ways your business uses the personal data it collects is a good start.

The Right To Be Forgotten

If an EU customer asks you to delete their data, you must immediately delete the customer’s data from everywhere it is stored or used in your business.

This can be quite onerous – it’s not just your CRM or other databases. It’s all possible places that customer data could exist, including cookies, documents and archived emails.

Having a secure, centralised system for holding customer information can make it easier to locate all customer data at any time as needed.

There are serious fines and other penalties for non-compliance with these requirements.

What To Take Away…

These days, it’s important to take privacy law seriously, particularly as an online business – or any business with a website.

If you’re based in Australia, make sure you comply with the Australian Privacy Principles. However, given that the internet allows you to have customers and users from around the world, sometimes you need to consider foreign laws too – like the GDPR.

These 5 quick tips are designed to help you make the first steps to getting in line with the GDPR as an Australian business. You can start by getting a GDPR Privacy Policy, cookies pop-up and opt-in subscription forms right now!

And remember – if you’re unsure about your GDPR compliance, you should get advice from a qualified, European lawyer.

Need help with a GDPR Privacy Policy?

We can help! Just get in touch and we can walk you through your options.


Minna Boyle

Minna is the legal operations manager at Sprintlaw. After receiving a law degree from Macquarie University and working at a top tier law firm, Minna now manages the legal operations at Sprintlaw and puts a focus on making legal knowledge more accessible to the public.
