Australian businesses may need to comply in two circumstances:
If the business has an establishment in the EU. This applies regardless of whether the business collects and processes personal data (and irrespective of where it is processed); or
If the business offers goods/services to EU citizens or monitors the behaviour of individuals in the EU.
The GDPR applies to the data processing activities of all businesses, regardless of size (which is somewhere the GDPR and the Australian Privacy Principles diverge — more on that below).
Have a Question?
Enter your details to get started