General Data Protection Regulations
In 2020 it is fair to say that we live in a digital world. We shop online, communicate online, research online, and store information online. As we continue to evolve as a society, our laws continue to evolve to protect us in the physical world and in the digital world.
On 25 May 2018, the General Data Protection Regulation (‘GDPR’), the European Union’s data protection law, came into effect. The GDPR does not just apply to businesses within the European Union; it applies to any business anywhere that uses personal data in relation to someone within the European Union. If you are an Australian business transacting with clients or other businesses within the European Union, the GDPR will apply to you.
The Main Principles of General Data Protection
Should the GDPR apply to you, you should be familiar with the seven main GDPR principles, summarised below. These can be found in detail on the ICO website.
- Data must be processed lawfully, fairly and in a transparent manner – you should have permission to use someone’s data and be clear about what you are using their information for;
- Data must be collected for a specific and legitimate reason and must not be used outside of the scope of the reason for which it has been collected unless it is in the public interest for scientific, research, historical or statistical purposes;
- The data that is collected must be relevant and limited to what is required in relation to the reason for which it was collected;
- Data must be accurate and up to date;
- Data must not be kept longer than is necessary in relation to the reason that it was collected, unless it is kept for archival purposes in the public interest or for scientific, historical, research or statistical purposes;
- Data must be stored and processed in a secure manner; and,
- You are responsible for demonstrating that you are compliant with the GDPR laws; you should have a privacy policy outlining the data that you collect and how it is used, and be transparent in communicating with people enquiring about the collection and use of their data.
The GDPR also outlines the rights of individuals in relation to their data: right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object and rights related to automated decision making including profiling. To view the full Official PDF of the GDPR, click here.
Data protection is just one of many areas in which Australian businesses are required to be compliant. Effective compliance management can optimise your business processes and will ensure that your business operates within the relevant rules and regulations.
QSM Group is a leading professional services business with extensive experience assisting organisations and individuals to improve business performance through the provision of Training, Consulting and Mango Software Solutions. Contact us today to see how we can help your business.