By now you will have heard of, and be aware of, GDPR, which stands for General Data Protection Regulation. GDPR represents new digital privacy standards which came into effect on the 25th May, 2018. The regulation requires no enabling legislation, so it automatically became binding and applicable from this date.
While the focus of GDPR is on the European Union, most Australian businesses will find they need to comply regardless of whether or not they conduct business in, or offer goods and services to, EU covered regions. This is because the new regulation covers anyone from the EU, or even those holding a passport from the EU. Under our Australian privacy laws, businesses are not permitted to specifically identify EU citizens, so the best approach is to assume that any personal data you hold as a business may also include data on EU citizens.
The good news
One major positive for Australian businesses is that there are many similarities between the GDPR and the existing Australian Privacy Act (from February 2018). This means that if you operate your business in Australia and comply with our current privacy laws, you are likely to have already put in measures that are required under the GDPR.
Some similarities include the requirement for transparent information handling practices and business accountability. These give those who share personal information with your business the confidence that their privacy is being protected.
From a strategic and governance standpoint, the GDPR represents a significant opportunity for your business to make digital experience and data quality management key strategic focal points, with improving consumer engagement, reputation and trust at the core.
Take a holistic approach to GDPR
GDPR involves an all-encompassing change to how your business deals with personal data handling practices, in order to comply. This extends beyond IT and web related roles within your organisation, and requires a holistic approach by all stakeholders.
When it comes to digital products and websites, under GDPR your company will now be required to build in privacy settings that are activated by default, so that your users opt in to the use of their data rather than having to opt out. Operationally, your company will now be required to conduct privacy impact assessments and strengthen the way you gain consent to use data from each individual.
Other requirements include the documenting and disclosure of methods of use of personal data, and improving the way your business communicates data breaches, should they occur.
Working with digital agencies
Most digital agencies such as our own at The Digital Embassy will be able to provide advice and services in relation to implementing changes to your websites, digital marketing and other digital assets required under GDPR. These changes will help your business to comply with the new regulations, and enhance the experience for your users regarding how their privacy is handled.
It's important to note that your digital agency is not a master of privacy law. Should your business fall under GDPR, we strongly recommend that you seek independent legal advice on how the new regulations will affect your business, and how full compliance should be achieved, as well as maintained.
Making your business website comply with GDPR
A good starting point is to make sure the policy disclosures and privacy statements featured on your website are up to date. These need to include clear explanations, in layman's terms, of how your business uses the data it captures.
A few more practical updates to consider, which will help you improve your users' online experience and comply with the new regulation, include:
- Using active opt-ins for accepting terms and consent on web forms
- Segmenting different types of consent where personal information is captured, to allow users to opt in only to the information they wish to receive
- Disclosing and gaining consent where personal data is accessible to third parties such as payment gateway services, tracking software services, email subscription tools and even your digital or marketing vendors where they manage these services on your behalf
- Making opting out, or removing content, an easy process on your digital assets
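As an added example (not code from The Digital Embassy), the following JavaScript shows one way to implement the active, segmented opt-in practices listed above: a per-purpose consent record that defaults to "not granted", records when and where each consent was given or withdrawn, and an audit helper that flags consent checkboxes pre-ticked in form markup. The purpose names, field names and sample form are constructed for illustration.

```javascript
// Added example, not from the original article: a minimal per-purpose consent
// record plus a check that consent checkboxes are not pre-ticked. Names are hypothetical.
const PURPOSES = ["newsletter", "analytics", "payment_gateway"];

// Every purpose starts as not granted: opt-in, never opt-out by default.
function newConsentRecord(subjectId) {
  const purposes = {};
  for (const p of PURPOSES) purposes[p] = { granted: false, at: null, source: null };
  return { subjectId, purposes, history: [] };
}

// Record one affirmative grant (or a withdrawal) for one purpose, with when and
// where it was given, so the decision can be evidenced later.
function setConsent(record, purpose, granted, source, at = new Date().toISOString()) {
  if (!PURPOSES.includes(purpose)) throw new Error(`unknown purpose: ${purpose}`);
  record.purposes[purpose] = { granted, at, source };
  record.history.push({ purpose, granted, at, source });
  return record;
}

// Purposes the business may currently use this subject's data for.
function consentedPurposes(record) {
  return PURPOSES.filter((p) => record.purposes[p].granted);
}

// Build a record from submitted form fields: only a field explicitly set to "on"
// counts as consent; missing or unknown fields mean no consent for that purpose.
function consentFromForm(fields, source) {
  const record = newConsentRecord(fields.subjectId);
  for (const p of PURPOSES) {
    if (fields[`consent_${p}`] === "on") setConsent(record, p, true, source);
  }
  return record;
}

// Audit helper: return the names of consent checkboxes that are pre-ticked in
// form markup (a pre-ticked box is an opt-out, not an active opt-in).
function findPrecheckedConsent(html) {
  const inputs = html.match(/<input\b[^>]*>/gi) || [];
  return inputs
    .filter((tag) => /type=["']?checkbox/i.test(tag) && /\bchecked\b/i.test(tag))
    .map((tag) => (tag.match(/name=["']([^"']+)["']/i) || [])[1])
    .filter((name) => name && name.startsWith("consent_"));
}

// Constructed sample form: the analytics box is pre-ticked and should be flagged.
const SAMPLE_FORM = `<form>
  <input type="checkbox" name="consent_newsletter"> Send me the newsletter
  <input type="checkbox" name="consent_analytics" checked> Allow usage analytics
  <input type="checkbox" name="consent_payment_gateway"> Share details with our payment provider
</form>`;
```

Running `findPrecheckedConsent(SAMPLE_FORM)` on the constructed form returns `["consent_analytics"]`, the one box that would need to be unticked before the form meets the active opt-in requirement.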
By following the steps above, you will help your business to improve the user experience of your website, as well as other digital services. You will also begin the process of exercising better governance standards in gaining consent and control of the personal information you capture through these channels.
About The Digital Embassy
The Digital Embassy™ is an Australian Google and Microsoft Certified Partner transforming digital business. Our team are ambassadors for best practice in digital business strategy, web design, behaviour-driven software development and evidence-based digital marketing. For over 20 years our business has employed local industry certified personnel to help businesses meet the changing needs of digital users and consumers.
The Digital Embassy™ is a pre-qualified ICT service provider for Government in SA, VIC and NSW.