Last week the new General Data Protection Regulation (GDPR) came into force and, for a short period that day, was allegedly Googled more than Beyoncé! The requirements under the GDPR are important for organisations to consider, particularly where they may collect personal data (including for marketing purposes or in e-commerce).
Under the GDPR, any companies outside the European Union who use or collect personal data of individuals in the EU are subject to the requirements of the GDPR. This includes any data set which can directly or indirectly identify or single out an individual.
The enhanced compliance obligations under the GDPR include additional direct marketing requirements for organisations to consider in their marketing campaigns or when they target products at individuals in the EU or the UK, particularly when doing so through newsletters or promotional emails. Specifically, where organisations use personal data they have collected from individuals for direct marketing purposes they are required to provide an easily accessible ‘opt-out’ process. Practically, this may be done by including an opt-out link on direct marketing communications.
Even if your organisation does not collect personal information of individuals from the UK or the EU, it should still maintain transparent privacy practices in its data collection and marketing, and comply with other requirements under Australian laws, including the Spam Act 2003.
If you would like further information on the requirements under the GDPR (particularly as these may apply to Australian organisations), please check out our most recent update here. We also have a handy GDPR app and a summary guide for in-house lawyers; see here.
This blog was co-authored by Claire Kermond, Jessie Buchan and Melinda Upton.