From May 25, the EU General Data Protection Regulation (GDPR) takes effect right across Europe. But how do the changes affect us here in Australia?

Broadly, the key changes arising from the GDPR centre on two themes:

  • Firstly, consent, and how organisations are compelled to gain express consent to obtain our personal data
  • Secondly, individual data rights, especially in the storage and use of our data

As business owners, the digital channels we would often use include our own website, any email marketing platform (e.g. Mailchimp, Campaign Monitor) and third-party, or external, channels like social media. If you use, for example, Facebook to market your business, they will be complying with GDPR guidelines as their platform is used globally. So in effect, you will be subject to GDPR guidelines as well.

Here are my top tips to get GDPR ready:

  1. Check if you need to comply even if you’re based in Australia. Have a look at the Office of the Australian Information Commissioner (OAIC) website and also talk to a lawyer. From the OAIC website: “From 25 May 2018 Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.”
  2. Revise your Privacy Policy. When was the last time you looked at the Privacy Policy on your website? (And if you don’t have one, put that at the top of your to-do list!) Does it address how you collect and store information? Make sure you reference data collected on your own website, like email addresses and phone numbers, as well as data collected by pixels you use for remarketing campaigns through, for example, Facebook and Google.
  3. Check your current email database for accuracy of the data you have and have a process for maintaining your records.
  4. Have a clear opt-in on all areas of your website where you intend to use the data for future marketing. For example, if you are capturing leads, have an opt-in check box and a short description of how you will use someone’s email address.
  5. Have a clear unsubscribe function on all channels. Under Australian law you need to have a clear and easy way to unsubscribe from electronic communications.
  6. Keep all data secure, especially if you are holding financial data like credit card numbers.
  7. Only ask for the data you need. If you don’t need a phone number, then don’t ask for it.
  8. Be clear and upfront about the use of cookies for collecting data. Under Facebook’s new Terms of Service, you are required to state on your website that you are collecting data through their pixel, and the purpose for which you are collecting it. You can find more information here.
  9. Have a process for dealing with data breaches and how you will notify people impacted. A great local example is how GoGet (an Australian car sharing company) dealt with a hacker. You can read more about their case here.
  10. Understand what this means for marketing on social media channels. As well as Facebook, take a look at changes to LinkedIn and Twitter.

To read more about GDPR, you can visit the main website here.

Contact us today to find out more about our Social Media Audit package.

Disclaimer: This blog article is not legal advice for your company to use or rely on in complying with any data privacy laws like the GDPR or The Spam Act. It purely serves to provide background information to help you better understand these issues. Please contact your lawyer for specific advice.