On May 25, the General Data Protection Regulation (GDPR) comes into effect for all European Union member states. This legislation, designed to safeguard the data of all EU citizens, also affects any business or organization that has EU employees or clients.
The business software company Sage has recently conducted a survey of Australian businesses. The results? Most Australian enterprises are completely unprepared and/or uninformed about how these reforms will affect their companies.
Nearly 85 in every 100 businesses surveyed did not know about GDPR or had not even heard of it. 82 in every 100 surveyed companies were unclear what the document said and how, if at all, it affected them.
Other survey results indicate similar confusion and lack of knowledge throughout the world. Most companies are unaware that GDPR has extra-territorial implications.
Why? Is there a lack of communication outside EU states? Has the communication been unclear? Or have Australian business owners been deleting information because they assumed it had no implications for them?
Dealings with EU clients can and do include companies that do business online. This opens up a whole new area. Basically any enterprise with an IP address could be affected by GDPR.
The breadth of GDPR requirements has caught many companies unaware of the implications for their business.
Because Australia has its own data breach laws, it is not surprising that Australian-based businesses assume their laws override GDPR.
Moreover, Australian stipulations under The Australian Data Privacy Act have implications mainly for larger businesses. It is natural for mid-size and small businesses to assume GDPR has no effect on them either.
As there is strong overlap between GDPR and Australian Privacy Act legislation, there is also a high likelihood that Australian businesses will be expected to comply with the latter.