In May 2018, the European Union officially instated one of the most momentous laws regarding personal data – the General Data Protection Regulation, better known as GDPR.

What is it? The GDPR is a single framework for the whole EU: rather than keeping separate laws for each country, all 28 nations are held under this new legislation. And in some cases, Australia too.

Essentially, it could deem companies at fault if their security systems are weak and customers' data is lost or breached. The law applies to all personal data and will increase existing penalties for data breaches, the maximum fine being 20 million euros or 4 per cent of an organisation’s yearly profit.

Since the GDPR is set in the EU, it naturally covers companies that process personal data there, but it also governs companies outside the EU that offer goods or services to or collect data on people in the EU.
In short, even though your business operates in Australia, if you sell a product, for example, to someone in the EU, you are also subject to the GDPR. In fact, even if you translate some of your website into an EU language, it may apply to you.

On the flip side, if you are a global business, like a retailer or someone who has an office or trades in an EU country, you automatically have to comply with the GDPR.

So, if you’ve received an email lately from the likes of Twitter or Amazon asking you to update your preferences or re-subscribe to a mailing list, it’s all due to the GDPR and global companies desperately trying to comply.

Australia may not be too far off adopting similar laws. In February, a mandatory reporting law came into effect, putting organisations at risk of penalties of up to $1.8 million AUD in the event customers' personal data is lost or breached and not reported.

With 63 data breaches reported within the first six weeks and human error listed as the number one cause, it’s no wonder data laws are ramping up worldwide.

Mandatory reporting may only be the beginning for Australia as data breaches become a daily headline in the news. Individuals will become increasingly wary of disclosing data and will look towards more secure and trusted organisations to handle their personal information. 

Now is the time to review your own data processes and procedures before a hacker, or more likely an employee, puts not only your customers' data at risk, but possibly your entire business.

But more importantly – with a renewed global impetus to increase personal data legislation, you don’t want to be left behind or at risk of copping a heap of avoidable fines.

To avoid any kind of breach, contact Kiandra to learn more about our security services.