Securing Australia via our compliance platforms can help you comply with and manage your compliance with GDPR. If you have not started the journey of compliance with GDPR, our team of professionals can help you get started. Our compliance platforms have the GDPR compliance framework pre-populated to give you a quick start to compliance, with all 389 requirements listed with 284 controls pre-set to help you implement your compliance activity for GDPR.
At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It can also be implemented in countries such as Australia, but it has yet to be formally mandated. However, any company that operates in the EU countries (including the UK) still has to adhere to the rules when operating with personal data from EU countries. As such it makes sense for Australian companies that want to operate internationally, to implement GDPR in advance of the Australian Government mandating it as a standard for Australian companies.
GDPR aims to simplify the regulatory environment for business so both citizens and businesses in and operating in the European Union to fully benefit from the digital economy.
The reform are designed to reflect the world we’re living in now, and brings laws and obligations – including those around personal data, privacy and consent.
In today’s world, our lives cannot operate effectively in the modern economy without digital data. Examples include social media, banks, retailers and governments. Just about every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more all collected, analysed and, perhaps most importantly, stored by organisations.
Given the number of data breaches reported daily in the mainstream media, it is not a question, but when it will affect a company, and your data stored within that organisation. The resultant data breaches lead to the loss or theft of information or otherwise released into the hands of people who were never intended to see it – and those people often have malicious intent.
Under the terms of GDPR, not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.
GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy.
There are two different types of data-handlers the legislation applies to: ‘processors’ and ‘controllers’. The definitions of each are laid out in Article 4 of the General Data Protection Regulation.
A controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”, while the processor is a “person, public authority, agency or other body which processes personal data on behalf of the controller”. If you were subject to the UK’s Data Protection Act, for example, you’ll likely need to be GDPR compliant, too.
“You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR,” says the UK’s Information Commissioners Office, the authority responsible for registering data controllers, taking action on data protection and handling concerns and mishandling data.
GDPR ultimately places legal obligations on a processor to maintain records of personal data and how it is processed, providing a much higher level of legal liability should the organisation be breached.
Controllers are also forced to ensure that all contracts with processors are in compliance with GDPR.