Data protection laws are enforced to strengthen and unify data protection for individuals, businesses and organisations. GDPR is one such regulation: it exists to protect personal data within the EU and to regulate the export of personal data outside the European Union (EU), which means it protects against the misuse of personally identifiable information (PII) of any EU citizen.
For any Australian business, it is important to assess its readiness for GDPR compliance in order to avoid heavy penalties or fines. Australia and the EU enjoy a constructive and substantial bilateral relationship. According to an article published by www.dfat.gov.au, the EU was Australia’s second-largest trading partner in 2020, as well as our seventh-largest export destination, fourth-largest services export market and second-largest source of foreign investment.
GDPR is a strict regulation, enforcing data protection measures on data relating to EU citizens even when that data is processed outside the EU's geographical boundaries. Non-compliance with GDPR may result in penalties of up to 20 million EUR or 4% of global turnover.
We have seen huge penalties imposed on global organisations such as British Airways, Facebook and Amazon, among many others.
Thus, for Australian businesses that deal with European clients and want to continue doing business in Europe, it is critical to understand the impact of GDPR.
Ask the right questions
A holistic approach is required to protect data and applications in order to comply with GDPR. GDPR regulators will ask you to prove that you are acting appropriately.
Australian businesses must ask the right questions to start their journey towards GDPR compliance.
- What is our data footprint in the EU (e.g. data about employees, consumers and clients)?
- Are we prepared to provide evidence of GDPR compliance to regulators who may request it?
- Do we have visibility of and control over what personal data we collect, how we use it and with whom we share it?
- Do we have a privacy-by-design programme, with privacy impact assessments (PIAs), documentation and escalation paths?
- Do we have a tested breach-response plan that meets GDPR’s 72-hour notification requirement?
- Have we defined a roadmap for GDPR compliance?
- Have we adopted a cross-border data transfer strategy?
- According to GDPR, are we data controllers or data processors?
- Do we need to appoint a Data Protection Officer (DPO)? Can the DPO be based in Australia, or do we need to hire one in Europe?
- Do we need binding corporate rules (BCRs) or standard contractual clauses (SCCs)?
- Do we need a data representative in Europe?
Answering these questions can be tricky and resource-demanding. We, at Rabbon, can assist you in asking the right questions and finding the right answers to make a smooth transition from GDPR non-compliance to GDPR compliance.
Key focus areas of GDPR:
- Purpose of Data processing
- Consent of Data subject
- Data subject rights
- Accountability of the Data processor and the Data controller
- Cross-border data transfer
- Data Protection Officer (DPO)
- Binding corporate rules (BCRs) and standard contractual clauses (SCCs)
- Third-party and vendor management
- Transparency of information and communication
- Data security, storage, breach, breach notification
- Training and awareness
How can Australian businesses prepare for GDPR compliance?
- Develop a vision and strategy for compliance with the GDPR.
- Define data protection policies, standards and procedures.
- Assess gaps between your current compliance programme and the requirements of the GDPR, and analyse risks.
- Perform data flow analysis and data protection impact assessments (DPIAs).
- Create an accountability framework for data protection compliance.
- Develop the operational structures needed to facilitate compliance.
- Review lawful processing bases and third-party contracts.
- Create processes for privacy by design and privacy impact and risk assessments.
- Identify and prioritise key remediation activities to reduce your risk profile.
- Apply pseudonymisation and encryption when processing personal data.
- Review and update the configuration of data loss prevention (DLP), security information and event management (SIEM) and other technical controls.
- Equip the security ecosystem with effective identity and access management solutions.
- Review data retention schedules, cross-border data transfers, privacy notices, consent mechanisms, etc.
- Deploy logging, monitoring and incident management solutions.
GDPR compliance is an opportunity, not a liability.
As stated earlier, Europe is a huge market for Australian businesses. Being GDPR compliant when your competitors are not lets you win more clients and gain the trust of your current and prospective clients. Therefore, rather than seeing GDPR as an additional compliance burden, Australian businesses should see it as a massive business opportunity knocking at their door.
Need GDPR Compliance Consultation?
Rabbon is a cybersecurity company with offices in Sydney and Melbourne. We lead a team of data privacy consultants who help organisations with GDPR compliance consulting. We believe that “Cybersecurity is for everyone”.
You can contact our GDPR compliance consultants for an obligation-free consultation.
Phone: +61 2 80513207
Email: [email protected]