Alongside the great Laurel v Yanni debate and Kim Kardashian going political, the Facebook and Cambridge Analytica data privacy breach has become one of 2018's pivotal moments. Whilst all three incidents received massive online backlash, this breach was the breaking point for many online users, who demanded the right to have their personal information stored securely by the websites they trust with it.
As a result, online privacy and data protection were thrown into the spotlight, so the arrival of Europe's General Data Protection Regulation (GDPR) was rather well timed, despite it having been in the works for several years.
The General Data Protection Regulation (GDPR)
Enforceable from 25 May 2018, the GDPR is a regulation on data protection and privacy that protects all individuals within the European Union (EU) and European Economic Area (EEA), whatever their citizenship. It also governs transfers of that personal data to organisations outside the EU and EEA.
Replacing the 1995 Data Protection Directive, the GDPR sets out the rules that every organisation must follow when it collects, stores and processes personal data. In short, the GDPR aims to prevent personal data from being breached, which includes it being passed to third parties or misused by the companies holding it, and gives individuals more rights over the personal data they have shared.
These regulations include:
- Harsher penalties for personal data breaches
- Mandatory technical and organisational measures to protect personal data
- Mandatory records of data processing activities
- Mandatory data breach reporting to the supervisory authority, generally within 72 hours of becoming aware of the breach
What Does the GDPR Mean For Australia?
If you run an online business that gets any sort of international engagement, it's in your best interest to read on.
Any Australian business that has an establishment in the European Union (EU), offers goods or services to individuals in the EU, or monitors the behaviour of individuals in the EU is also subject to the GDPR, even though it is based outside Europe.
What is the GDPR Penalty for Non Compliance?
Unless you've got millions in spare change, the GDPR penalty doesn't come cheap. Administrative fines for the most serious breaches can reach 20 million euros or 4 percent of your annual global turnover, whichever is higher.
Of course, this doesn't mean a minor slip in your efforts to comply automatically results in the largest GDPR penalty imaginable. The penalty is circumstantial: the severity of the non-compliance, the risk posed to the individuals affected, and the efforts the organisation has made to comply are all taken into consideration. If it's any consolation, the GDPR also has a lower tier of penalty for less serious infringements, capped at 10 million euros or 2 percent of your annual global turnover, again whichever is higher.
In any case, it’s probably in your best interest to ensure you’re playing by the rules.
I Can’t Afford to Lose Millions - How Can I Avoid a Data Breach?
At Ezidebit, we understand how important it is to keep all business information safe and secure. That's why we've invested in attaining PCI DSS Level 1, the highest level of payment security accreditation. This means that when we handle your customers' payments, all personal banking information is handled to the highest standard of data security the payment industry defines. In addition to meeting those payment security standards, Ezidebit runs hardened software and servers and uses strong encryption to keep both your data and your customers' data safe and secure. Keeping data safe and secure is a key part of GDPR compliance. Contact Ezidebit today!