10 ways Australian businesses can be ready for GDPR
From May 25, the EU General Data Protection Regulation (GDPR) takes effect right across Europe. But how do the changes affect us here in Australia?
Broadly, the key changes arising from the GDPR are around 2 central themes:
- Firstly, consent, and how organisations are compelled to gain express consent to obtain our personal data
- Secondly, individual data rights, especially in the storage and use of our data
As business owners, the digital channels we would often use include our own website, any email marketing platform (e.g. Mailchimp, Campaign Monitor) and third-party, or external, channels like social media. If you use, for example, Facebook to market your business, they will be complying with GDPR guidelines as their platform is used globally. So in effect, you will be subject to GDPR guidelines as well.
Here are my top tips to get GDPR ready:
- Check if you need to comply even if you’re based in Australia. Have a look at the Office of the Australian Information Commissioner website and also talk to a lawyer. From the OAIC website: “From 25 May 2018 Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.”
- Check your current email database for accuracy of the data you have and have a process for maintaining your records.
- Have a clear opt-in on all areas of your website where you intend to use the data for future marketing. For example, if you are capturing leads, have an opt-in check box and a short description about how you will use someone’s email address.
- Have a clear unsubscribe function on all channels. Under Australian law you need to have a clear and easy way to unsubscribe from electronic communications.
- Keep all data secure, especially if you are holding financial data like credit card numbers.
- Only ask for the data you need. If you don’t need a phone number, then don’t ask for it.
- Have a process for dealing with data breaches and how you will notify people impacted. A great local example is how GoGet (an Australian car sharing company) dealt with a hacker. You can read more about their case here.
- Understand what this means for marketing on social media channels. As well as Facebook, take a look at changes to LinkedIn and Twitter.
To read more about GDPR, you can visit the main website here.
Disclaimer: This blog article is not legal advice for your company to use or rely on in complying with any data privacy laws like the GDPR or The Spam Act. It purely serves to provide background information to help you better understand these issues. Please contact your lawyer for specific advice.