Your organisation, irrespective of its size, may need to comply with the GDPR in addition to the Australian Privacy Act 1988 (Cth)

What is the GDPR?

The General Data Protection Regulation (GDPR) is Europe’s primary framework for data protection laws which is designed to harmonise data privacy laws across Europe and to give greater rights to individuals. The GDPR commenced operation across the European Union in 2018. Your organisation may need to comply with both the GDPR and the Privacy Act 1988 (Cth) in its handling, use and management of personal information depending on the nature of your business.

The Office of the Australian Information Commissioner (OAIC) has recommended that businesses evaluate their information handling practices and governance structures and seek legal advice where necessary to implement compliance frameworks. Sainty Law works with organisations to help them plan and establish effective privacy compliant frameworks which meet the Privacy Act and GDPR requirements.

Is the GDPR relevant to your organisation?

Your organisation, irrespective of its size, must comply with the GDPR in addition to the Australian Privacy Act 1988 (Cth) in 3 specific instances – if it:

  • Has an establishment in the EU (regardless of whether it processes personal data in the EU); or
  • Does not have an establishment in the EU but offers goods and services to or monitors the behaviour of individuals in the EU.

This means that the GDPR applies to any business that holds, controls or processes personal data of EU residents – irrespective of whether they are customers or employees.

The Business Case for GDPR Compliance

For many organisations, data can be one of its most valuable assets. And, it is important to recognise that data is just as valuable to your customers. GDPR compliance allows your organisation to demonstrate that it values its customers’ information and deals with it properly. This will foster trust which enhances your customer and stakeholder relationships.

We work with organisations that have identified the type of opportunities that GDPR compliance presents. They focus on the benefits of compliance rather than the challenges. In an increasingly data centric world our clients position themselves to boost customer and stakeholder confidence, increase trust and build stronger relationships founded on a strong data compliance culture.

We work with you to understand your organisation’s data flows and how to implement processes

GDPR Compliance Services

Our team of privacy experts can assist you with the following:

  • Review your current privacy framework and conduct a remediation analysis;
  • Assess your GDPR compliance requirements;
  • Map your data flows;
  • Develop technical and organisational measures to ensure demonstrable GDPR compliance;
  • Develop a Privacy Impact Assessment and Data Breach Response Plan;
  • Conduct and advise on Privacy Impact Assessment processes;
  • Provide incident response advice in the event of a data breach;
  • Design and lead staff training, in person and online; and
  • Conduct annual data protection reviews.

We take a ‘privacy by design’ approach and are committed to understanding how your organisation operates and what its GDPR compliance requirements are and the type of compliance program that you require depending on your organisation risk appetite. We work with you to understand your organisation’s data flows and how to implement processes to ensure that the collection, use and disclosure of data is done in accordance with the GDPR.

Consequences of Non-Compliance

It’s critical that your organisation understands its GDPR risks as failure to comply can result in fines of up to the higher of €20 million, or 4% of the organisation’s annual global turnover.

However, the consequences of a data breach for your organisation can be greater than any imposed fine. Ensuring your organisation has a compliant GDPR framework in place means that you can respond quickly and effectively and reduce the potential reputational and financial risks if things go wrong.

GDPR – 6 Essentials

1. Scope
The GDPR applies to non-EU establishments where data is processed in connection with “offering goods or services” to European data subjects or “monitoring” their behaviour. Non-EU entities that are subject to the GDPR are required to designate a representative in an EU Member State (unless limited exceptions apply).

2. Principal Based Regulations
It is up to you to decide how to ensure that your organisation complies with the GDPR. Implementing a Demonstrable Compliance Framework, which sets out the technical and organisational measures you are taking to protect data will help you meet your obligations under the GDPR.

3. Openness and Transparency
The GDPR requires you to be open and transparent about how information is collected, stored, used and disclosed at every stage of the data lifecycle. Compliance with the GDPR helps consumers feel empowered and leads to more informed choices about your organisation’s activities which involve the collection of personal data.

4. Fines
Failure to comply with the GDPR can lead to fines for breaches of up to €20 million or 4% of global annual turnover, whichever is the greater. Remoteness will not be a defence.

5. EU Representative
An EU Representative keeps records of processing activities and is available to receive inquiries and complaints from EU data subjects. Your representative will liaise with Data Regulators as required and keep you abreast of regulatory changes or updates on GDPR guidance.

6. Privacy Health Checks
To ensure you remain compliant with the GDPR, we recommend conducting an annual privacy health checks to assess the degree to which your organisation is compliant with the law, vulnerable to privacy risks and whether it meets privacy best practice. GDPR Solutions can provide this health check and develop strategic solutions which take into consideration your business needs to strengthen your privacy and data handling frameworks to comply with the GDPR.

We recognise that for most organisations, compliance with the GDPR isn’t easy

Our GDPR Partner

Data Protection 4 Business

Sainty Law is proud to partner with UK based, Privacy Industry expert, Data Protection 4 Business (DP4B) to offer GDPR Solutions. Together we help our clients navigate and ensure compliance with the GDPR. We offer our clients:

  • EU Representative Services;
  • Online training;
  • Technology solutions for GDPR compliance;
  • Website audits for cookie compliance;
  • A range of related consultancy services; and
  • Updates on regulatory developments, case law and published guidance.

We recognise that for most organisations, compliance with the GDPR isn’t easy, and so we have partnered with DP4B to offer GDPR Solutions.

GDPR Solutions gives you the option of outsourcing the role of the EU Representative to our UK based partner. With DP4B’s local and expert knowledge of UK and EU privacy requirements combined with our expertise in Australia privacy law, we can provide you with pragmatic advice based on your needs, guidance on your organisation’s GDPR obligations as well as solutions to difficult data protection issues, leaving you more time to run your business.

Under the brand, GDPR Solutions, DP4B and Sainty Law offer you a hands-on and practical approach to ensure your business meets the requirements of the GDPR. Working with your team, we identify the flows of personal information in your organisation and walk you through the operational and data management changes you will need to establish and demonstrate GDPR compliance.

DP4B’s on ground expertise means that we don’t use a sledgehammer to crack a nut – together we put in place what is needed based on the type of services you offer. This means we assess the data risks applicable to your business and work from there.

GDPR Solutions helps by providing affordable consultancy services, advice on technology solutions, as well as online training courses to ease the compliance burden. This means you meet your responsibilities under the GDPR on a continual basis.

Read more about DP4B here: https://www.dpo4business.co.uk

You can also check out episodes 10 and 11 of ‘GDPR NOW!’ to hear Karen Heaton, the Director of DP4B discuss the use of cookies amongst the backdrop of the GDPR and handy hints as to how you can stay on top of your privacy obligations.

Episode 10: https://gdprnow.fireside.fm/10
Episode 11: https://gdprnow.fireside.fm/10