The GDPR Might Affect Your Small Business
Once again, the Turnbull government has let Australian small businesses down when it comes to cybersecurity and cybersafety.
We saw it with WannaCry last year, when there was zero communication about what to do in the face of this possible crisis, and last week we saw it again with the General Data Protection Regulation. Thanks to zero communication from the Turnbull government, I'd say many Australian small business owners don't even know what the GDPR is, so they'll be alarmed—they'll be horrified—to know they could be fined up to A$30 million for not complying with it.
Last Friday, the EU introduced the GDPR. The GDPR aims to protect EU citizens from privacy and data breaches by requiring organisations to be more transparent. The GDPR means organisations now have to gain explicit consent to collect, use and store data, clearly disclose the purpose for retaining data, and report any data breaches within 72 hours.
Australian businesses – of any size – may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU through social media, email marketing or websites (time expired).