Surely the EU GDPR can’t apply to a small Australian business? And should they care?

Put simply, it probably does! And yes, they absolutely should care!

The new EU Privacy law came into force on 25 May 2018, and applies to all Australian businesses (irrespective of size) if any one of the following applies:

  1. The business has a presence (office or people) in the EU, OR
  2. The business offers goods or services to individuals in the EU (whether at a fee or not), OR
  3. The business monitors behaviour of individuals in the EU (which includes using analytics software on its website).

And the business should care, for a couple of reasons. Firstly, customers prefer to deal with companies that respect their privacy and their data, so a business that does not comply is likely to lose customers. Secondly, a company that does not comply is exposed to fines of up to €20 million or 4% of global group turnover, whichever is the higher. Worse still, the EU privacy regulator could order the business to stop processing any EU personal data immediately.

The GDPR is the tough new gold standard of privacy compliance, and requires a complete “privacy by design and default” approach to the business, its customers, employees and suppliers; it demands transformational change. It is not a case of a quick update to the company’s privacy policy and “she’ll be right”. There are no quick fixes or silver bullets. The business will need to go through a carefully planned and fully documented compliance program encompassing all departments within the business. Even using outside experts, this will take 3-6 months for a small organisation and will cost tens if not hundreds of thousands of dollars.

Large companies in the US, for instance, are spending around USD 1-10 million on their GDPR compliance programs. And of course, as the law has already come into effect (there is no “transition period”), businesses need to start their compliance programs immediately as they are, no doubt, already in breach!