Put simply, it probably does! And yes, they absolutely should care!
The new EU privacy law came into force on 25 May 2018, and applies to all Australian businesses (irrespective of size) if any one of the following applies:
- The business has a presence (office or people) in the EU, OR
- The business offers goods or services to individuals in the EU (whether at a fee or not), OR
- The business monitors the behaviour of individuals in the EU (which includes using analytics software on its website).
The business should care for a couple of reasons. Firstly, customers prefer to deal with companies that respect their privacy and their data, so a business that does not comply is likely to lose customers. Secondly, a company that does not comply is exposed to fines of up to €20 million or 4% of global group turnover, whichever is the higher. Worse still, the EU privacy regulator could order the business to stop processing any EU personal data immediately.
Large companies in the US, for instance, are spending around USD 1-10 million on their GDPR compliance programs. And of course, as the law has already come into effect (there is no “transition period”), businesses need to start their compliance programs immediately as they are, no doubt, already in breach!