The GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business
so both citizens and businesses in the European Union can fully benefit from the digital economy.
The reforms are designed to reflect the world we're living in now, and bring laws and obligations - including those around personal data, privacy and
consent - across Europe up to speed for the internet-connected age.
The new General Data Protection Regulation (GDPR) rules that took effect on 25th May 2018 have implications for Australian businesses that have an establishment
in the EU or offer goods and services or monitor the behaviour of individuals in the EU.
Australian businesses that may be covered by the GDPR include:
an Australian business with an office in the EU
an Australian business whose website targets EU customers, for example by enabling them to order goods or services in a European language (other than
English) or enabling payment in euros
an Australian business whose website mentions customers or users in the EU
an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and
predict personal preferences, behaviours and attitudes.
According to the GDPR, websites need to protect site visitors’ privacy.
In simple terms this means website owners need to:
Get consent to collect and store data
Explain how collected data will be stored and used
Be able to delete all data collected from site visitors, upon request
How to Comply:
The GDPR requires all websites to inform users about the type of data the site collects and what this data is used for.
Customized Cookie Notification
A cookie notification lets visitors know your site collects information in the form of cookies.
Use an SSL Certificate
This encrypts the connection to your website so that data in transit cannot be read if it is intercepted.
Consent Fields on Contact Forms
According to the GDPR, website owners must get consent from site visitors before collecting data. To comply with this requirement, you can add an opt-in
consent field in every contact form on your site.
Personal Data Deletion
GDPR requires that if a site visitor requests to have their personal data deleted, the website owner must do so without delay.
To be absolutely sure your website and data collecting mechanisms are compliant, we recommend seeking legal advice. However, if you require assistance with
implementation or sourcing, please feel free to contact us on 9583 3358.