Smarter GDPR Compliance for Australian Business
GDPR for Australian Businesses (general data protection regulation)
You would have received a barrage of emails over the last few weeks either telling us ‘We’re now compliant with GDPR” or you need to “Confirm to stay in touch because of GDPR”.
Yay, an opportunity to get less email marketing, can’t remember half of these things I signed up for anyways ?
But what does it all mean?
When we collect customers information, there’s been some changes on how we manage that data is the short story, mostly affecting you if you’re in Europe OR if your targeting peeps in the EU at this point, although, if you run a Facebook Business page or use Google Analytics, you should read this in detail.
This new GDPR (general data protection regulation) is effective May 25th and is a pain but this post walks you through what you NEED TO KNOW.
Caveat (cover my butt) Statement: I am no lawyer, and don’t speak legalese. I am in NO way responsible for your interpretation of my interpretation of this new legislation, this is just my humble opinion after reading umpteen articles, posts and online mumbo jumbo and this is intended as a short summary version of elements you may consider or ponder.
Please seek professional legal advice if you think it’s appropriate rather than making me wrong for trying to help. Caveat end:
Short story is this:
Full GDPR Compliance mainly affects businesses that are either based in Europe or the UK, or you have clients or subscribers in those areas…
BUT…
you should comply at Level 1 if you run Google Analytics or a Facebook Pixel (more on that later).
How will the GDPR affect Australian Businesses?
Australian businesses will likely need to comply with the GDPR if they:
- Have a presence within the EU
- Offer goods or services to individuals in the EU
- Monitor the behaviour of individuals in the EU
Another BUT…
Here's where Australian business could get caught by the GDPR, every EU citizen – including those that currently reside in Australia – are protected by it!
The GDPR also has significant overlaps with the recent Notifiable Data Breaches (NDB) legislation released by the Australian Government in February.
We’d recommend making it your aim for GDPR compliance, as it effectively guarantees compliance with the NDB (Notifiable Data Breaches) Australian legislation too.
GDPR to Protect Us:
This new law is being enacted to protect you and me, apparently, and the internet as a whole.
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). ... GDPR will come into effect across the EU on May 25, 2018.
My opinion of this GDPR:
As an internet user, I’m not fussed on peeps collecting my info, I don’t care! Here’s why!
When I fill in forms online, I know they’re gonna send me stuff, duh... so I know they have my details, ooo ahh…
I only do that at reputable sites anyways, so whatever. (If you fill in survey sites, omg, they will share your details everywhere, so don’t do that anyways).
I know that some (most) websites have tracking, so I’m going to see ads for that business when I roam on commerce sites like Gumtree, eBay, Amazon and the like, so… whatever…
Why do you think when you visit a particular website, do you then see ads for that website popping up on other websites you visit, like Gumtree, eBay, Amazon and the like? It’s called ‘remarketing’.
So what? I visited the website, now I’m seeing ads for them. If it wasn’t that ad, it’d be another ad.
I’m not about to put my tinfoil hat on yet!
Having said all that, the GDPR stops companies sharing or onselling my details with other peeps that perhaps send spammy emails, so that’s a good thing. I suppose my negativity is based on bureaucrats making it hard for businesses to manage all this compliance.
What else?
Cookie Consent:
The GDPR Compliance states that we must warn people that we’re using Cookies. So, if you’re using Facebook Pixels (and you should be) or Google Analytics (and again, you should be) then you must tell peeps you’re using cookies, and the easiest way is via a popup or ‘ribbon’ message.
Good news is you can ‘stage’ your compliance.
We’ve broken it down into 3 Levels for Compliance:
Level 1: Everyone
Level 2: Corporate, professionals that perhaps focus on Australian clients BUT can attract worldwide clients
Level 3: Worldwide focussed businesses
Yes Peter, bla bla bla. Just tell me what I need to do for MY business!
Phone 08 9439 2820 OR schedule a time below to talk.
What else to be GDPR compliant?
You should be updating both your ‘terms and conditions’ and your ‘privacy policy’ to be compliant, with all manner of legalistic jargon.
We have turn key templates of that jargon that have been reviewed by provided by a lawyer in the EU.
But wait, it goes on…
Right To Be Forgotten:
People can easily request the right to be forgotten in your system. We have a form for that.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
Data Access Requests:
The GDPR states there must be transparency and control over your personal data. People must be able to easily and simply request what information you store about them. We have a form for that too.
Rectify Data Request:
Again, the GDPR states it must be easy for peeps to request edits and updates to their contact info. We have a form for that.
Unsubscribe Request:
And yes, even if there’s an unsubscribe link in an email an onsite form is required for people to unsubscribe and yes, we have a form for that too.
General Marketing:
If someone signs up for one offer, like a free eBook or the like, to be able to send them general news and updates you’re required to use a ‘checkbox’ to subscribe to that as well. Gone are the days of 'sign up for the ebook' and send them general marketing emails as well.
What else:
We recommend complying with at least Level 1: Cookie Consent with Privacy Policy Link.
Here’s a reminder of the various levels:
Level 1: Everyone
Level 2: Corporate, professionals that perhaps focus on Australian clients BUT can attract worldwide clients
Level 3: Worldwide focussed businesses
Phone 08 9439 2820 OR schedule a time below to talk.
Resources:
https://www.facebook.com/policies/cookies/
https://www.facebook.com/business/gdpr
https://www.facebook.com/business/gdpr#Advertiser-Terms
- FAQ Section especially
https://developers.facebook.com/docs/privacy/
https://www.blog.google/topics/google-europe/gdpr-europe-data-protection-rules/
https://www.wordstream.com/blog/ws/2018/04/04/facebook-ads-gdpr
https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
https://www.pwc.com.au/assurance/gdpr.html
I notice that the cookie notice comes up on every page, even after I have clicked OK on the home page. Do we have to get people to click repeatedly to accept the cookie notice?
Hi Lesley,
I just tested yours and once you’ve clicked the accept it does go away? Please check and advise otherwise. Here’s the link for the full package > https://www.smarterwebsites.com.au/smarter-gdpr-compliance/3-gdpr-compliance-options/
Thank you Peter.
In the beginning it was coming up multiple times but now it seems to be as you say.
Thank you for letting me be your test bunny on this. I appreciate you setting it up for me.
I think your package offer is very good indeed. And thank you for adding me at level one on a complimentary basis.
When it’s appropriate I will upgrade to level two.
Thank you and I will see the tech guys on Monday morning.
Cheers
Lesley