Complying with privacy law in a global digital economy - Do you have the tools?

Regulatory trends introduced by the GDPR are likely to shape the future of Australasian privacy law

Complying with privacy law in a global digital economy - Do you have the tools?

The GDPR came into effect on 25 May 2018. You’ll have no doubt noticed a spike in messages arriving in your inbox in the week or two leading up to 25 May (and in the case of certain stragglers, a week or two after) notifying changes to your favourite service provider’s privacy policy. Congratulations if you managed to read to the end of any one of these privacy policies! Chances are that most in Australasia didn’t pay much attention.

However, if you’re counsel for a corporation which has an EU presence, maybe you did sit up and take notice: especially when you looked into the global reach of the GDPR, and when you saw that organisations who fail to comply can be fined up to the higher of €20 million, or 4% of global turnover. That’s a lot of money in anyone’s books.

Fortunately, in most cases, you can relax – for a moment or two. How the GDPR will apply in practice to us Antipodeans remains to be seen, but what does seem fairly certain is that EU regulators will initially focus on enforcement against those organisations (mostly large US tech companies) that have a significant EU presence. For organisations that don’t, you may have a bit of breathing space, which should give you some time to prepare.

First, figure out if the GDPR applies to you. If the GDPR does apply to you, then this toolkit will help you get compliant.

If you establish that you’re not (yet) subject to the GDPR, don’t stop there. Take a look at what you are doing with personal data; ensure compliance with domestic legal obligations; and set yourselves up for the inevitable regulatory change that will follow as the effects of the GDPR spill over into the Australasian market.

Australia recently introduced mandatory data breach notifications, and the maximum fines for privacy breaches were ramped up. New Zealand is reviewing its 25 year-old Privacy Act, and many of the proposed amendments have their genesis in the GDPR.

In short, regulatory trends introduced by the GDPR are likely to shape the future of Australasian privacy law. And in a global digital economy, consumers expect consistency of approach. Australasian business should look to what their EU counterparts are doing, and set themselves up not only for inevitable privacy reform here, but also to align their offering with customer expectations.

---

Campbell Featherstone

Hayley Miller

Campbell Featherstone is a senior associate at national law firm Kensington Swan. He works alongside Hayley Miller, a partner who leads the firm’s technology, media and telecommunications practice.