The European Union General Data Protection Regulation or GDPR is new data protection requirements coming into effect on the 25th May 2018. The new laws aim to harmonise data protection laws across the EU and replace existing national data protection rules. But is it relevant to Australian travel businesses?
This article discusses how you can determine whether you fall under the scope of the new regulations and need to take action.
An Australian business of any size needs to comply if:
Some examples of Australian businesses covered include:
The good thing for Australian businesses is that the GDPR and the Australian Privacy Act 1988 share many common requirements, so if you have effectively implemented these principles in your business you will already be ahead.
There are some notable differences however, including certain rights of individuals, such as the ‘right to be forgotten’ which do not have an equivalent under the Australian Privacy Act.
If you think you might be captured or need to understand further, the Australian Privacy Commissioner has created Privacy business resource 21 to assist Australian businesses. You can access this here.
Contact Naomi Menon – Head of Compliance and Operations, AFTA at naomi@afta.com.au.