GDPR: What You Need to Know About the European Data Protection Policy


Here is one more thing to add to your ever-growing to-do list.

Due to a digital landscape that never stands still, there are new changes in global privacy law coming into effect May 25th. This change requires all Australian businesses to review their existing data policies and practices and upgrade them.

The impact of the European General Data Protection Regulation (GDPR) is far-reaching, and no business can afford to ignore the significant penalties in place for non-compliance.


Amongst other things, if you:

  • are a business that operates a website which tracks and monitors behaviour
  • have a blog where users fill out a form or enter a name and email address to comment
  • have a website with plugins installed that use cookies for tracking
  • are a business whose website mentions customers or users in the EU;

then you need to read on and implement some actions to avoid a hefty fine for failing to handle your users’ data appropriately.

We have provided you with an overview of the policy, how it impacts your business, the penalties involved and what you need to do to cover yourself.


What Is GDPR?


The GDPR is the culmination of four years of preparation and debate in Europe which has been designed to:


  • Harmonise data privacy laws across Europe
  • Protect and empower all EU citizens’ data privacy
  • Reshape the way organisations approach data privacy


The GDPR bears many similarities to the current Australian Privacy Act 1988, but some fundamental differences will impact Australian businesses.

One of the biggest differences is the expanded rights for EU individuals, including the ‘right to be forgotten’ and the ‘right to data portability’, giving them greater control over who uses their data and how it is used.


When Does GDPR Come Into Effect?


The GDPR was approved by the EU parliament in April 2016 and comes into effect on Friday, 25th May 2018.


Who Does The GDPR Affect?


The GDPR not only applies to any organisation located within the EU but also includes any Australian business that falls into one or more of these categories:

  • AU business with an office in the EU
  • AU business whose website enables EU customers to order goods and services in an EU language or enables them to pay in euros
  • AU business whose website mentions customers or users in the EU
  • AU business that monitors the behaviour of individuals and uses data processing to profile, analyse and predict personal attitudes or behaviours, e.g. Google Analytics or Re-Marketing tools


The last point is an interesting one. If your business operates a website with Google Analytics tracking, then you have an obligation to comply with the policy.


What Is The Penalty For Non-Compliance With GDPR?


The maximum fine organisations can receive for breaching GDPR is up to 4% of annual global turnover or 20 million euro for offences such as not providing sufficient consent to process data.

There is a tiered approach to penalties; for example, an organisation can be fined 2% of annual global turnover for failing to notify relevant bodies of a data breach.


How Can I Get My Business Ready For GDPR?


The topic of data protection is a hot one, and one that we believe will continue to develop in the short term. It may not take long for other countries, including Australia, to adopt a similar approach to the EU.
Therefore, Baker Marketing believes addressing GDPR compliance now will also serve you well in the future.

The first step is to identify your business’s level of interest in the GDPR, and then look to action the recommendations below.


All businesses with a website using cookies:


  • Accept Google Analytics terms and conditions.
  • Set a time-frame for user data retention within Google Analytics. The default is 26 months, and Baker Marketing is recommending 14 months.
  • Review your Privacy Policy and update to ensure compliance with the Australian Privacy Act 1988 and the EU GDPR.
  • Implement an opt-in/out capability for absolute consent to the use of cookies on your website. The consent has to be specific and freely given, meaning that a statement such as ‘If you continue to use this site you accept the use of cookies’ no longer complies. Users need to be given the option to accept or decline the use of cookies when browsing your website. For a WordPress website, there are plugins such as Cookiebot that will assist with compliance across cookie consent, cookie monitoring and cookie control.
  • Enable IP Anonymity in Google Analytics. This means that the full IP address of your website users is anonymised at the earliest possible stage and this data is not collected. The impact of this is that there will be some loss of data accuracy in your Analytics location reporting.
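
As an added illustration of the last two recommendations (this is not code from Baker Marketing, Google or Cookiebot), the sketch below shows an opt-in gate: analytics stays off until the visitor has made an explicit choice, and when it is switched on the Google Analytics gtag.js `anonymize_ip` setting is included. The storage key, function names and the `GA_MEASUREMENT_ID` placeholder are assumptions made for the example.

```javascript
// Added example: opt-in cookie consent gate. All names here are hypothetical.
const CONSENT_KEY = "cookie_consent";        // assumed storage key
const MEASUREMENT_ID = "GA_MEASUREMENT_ID";  // placeholder, not a real property ID

// A decision counts only if the visitor explicitly accepted or declined.
// A missing or unreadable record means "no decision", never "yes".
function readConsent(storage) {
  try {
    const rec = JSON.parse(storage.getItem(CONSENT_KEY));
    if (rec && typeof rec.analytics === "boolean" && rec.decidedAt) return rec;
  } catch (_) {
    // Corrupt value: fall through and treat as undecided.
  }
  return null;
}

// Called by BOTH the "accept" and the "decline" button of the banner.
function recordDecision(storage, analytics, now = new Date()) {
  const rec = { analytics: analytics === true, decidedAt: now.toISOString() };
  storage.setItem(CONSENT_KEY, JSON.stringify(rec));
  return rec;
}

// The banner is shown until a decision exists; browsing on is not consent.
function needsBanner(storage) {
  return readConsent(storage) === null;
}

// Returns the gtag.js commands to queue, or [] when tracking must stay off.
function analyticsCommands(storage) {
  const rec = readConsent(storage);
  if (!rec || rec.analytics !== true) return [];
  return [
    ["js", new Date()],
    ["config", MEASUREMENT_ID, { anonymize_ip: true }], // IP anonymisation on
  ];
}

// In-memory stand-in for window.localStorage so the logic runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
  };
}
```

In a browser, pass `window.localStorage` as the storage and load the Google Analytics script only when `analyticsCommands` returns a non-empty list.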


This is a lot of information to take in!

We understand that there is a high level of complexity to the impending GDPR and Baker Marketing is here to help you cope with the changes. We can provide you with advice as well as assistance to implement the recommendations provided.

If you have any questions or would like to discuss this topic with one of our Marketing Consultants, please contact us today!


(08) 8352 3091


Image by: Dennis van der Heijden of GDPR & ePrivacy Regulations. Accessed 30/4/18 via Flickr