GDPR 101 for Australian-based Businesses..

What is GDPR how does it affect my work?

The European Union General Data Protection Right (GDPR) is a new set of rules designed to give EU citizens more control over their personal data. An integrated and automated approach to data protection compliance and assurance will be important for S-M enterprises to meet and monitor their GDPR requirements on time.

How does GDPR affect me?

If you collect, store or otherwise manage the data of individuals who live in the European Union, then that means that GDPR will apply to you.

To further understand how GDPR affects you, you need to determine whether your business is a controller or a processor. A controller is a company that has an ownership of the personal data, and because it has acquired the personal data in its database it then has every right and responsibility to decide what steps it will take to action it . A processor is a supplier that handles the data on behalf of the controller. As an example, a trucking company would be a controller and their direct mail courier would be a processor.

The primary responsibility for GDPR compliance lies mainly with the controller, particularly when it comes to securing user consent. However, processors are also liable to not deliberately consult or undertake a controller to manage their data in the unethical manner.

Therefore, GDPR affects all Australian organisations who trade or provide service to European Union companies and individuals regardless of whether they are the controllers or they use 3rd parties to process it. It also covers the right of all EU citizens who are currently working or residing in Australia.
A more precise definition is provided by the Office of the Australian Information Commissioner (2018) and the Australian businesses that are directly impacted by GDPR are:

• an Australian business with an office in the EU
• an Australian business whose website enables EU customers to order goods or services in a European language (other than English) or enables payment in euros.
• an Australian business whose website mentions customers or users in the EU
• an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.

There are quite a few similarities between GDPR and Australia Privacy Act 1988.

The GDPR and the Australia Privacy Act 1988 share many common requirements, including to (Australian Government, 2018):
o implement a privacy by design approach to compliance
o be able to demonstrate compliance with privacy principles and obligations
o adopt transparent information handling practices.
There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.

The cost of breaching GDPR
The cost of GDPR non-compliance is too high and serious to be ignored. If there is one thing that people know about the GDPR it’s that GDPR fines (administrative fines) can go up to 20 million Euros or 4% of annual global turnover, whichever of both is highest.

How can iComplied help with the GDPR Automation?

iComplied GDPR Checklist – iComplied comes with a prebuilt Custom pre-assessment GDPR Checklist which you can use to assess and monitor your organisations GDPR compliance in less than 10 mins. In addtion to GDPR, iComplied provides access to ISO27001 – Information Security Management System Checklist which if gained compliance to proves to your clientele you have a robust & secure system.

If you’d like to learn more about paperless compliance for your GDPR needs, iComplied offers an easy-to-use mobile platform at a reasonable price so that the upfront time and money needed to switch over to this new and improved method for conducting internal audits is minimal.

Take control of your internal auditing and supplier audits by BOOKING A DEMO, or registering for a FREE TRIAL.