Internetrix's very own Head of Data Science, Dean Marchiori, has been ranked among Australia'a Top 25 Leaders in Digital Analytics at the Institute of Analytics Professionals of Australia (IAPA) Awards.
As May was drawing to an end in 2018, the European Union (EU) completed the implementation of a new digital regulation, the General Data Protection Regulation (GDPR), that would not only influence European countries, but every single country in the world. A few months on and there is still a fair amount of confusion of four primary things in the Australian digital community:
The following blog aims to rid the confusion surrounding the new policy and clarify the primary talking points for businesses around Australia so that everyone understands the possible influence the GDPR may have on their business.
There is a very long list of the specifics of what the new GDPR policy includes, but to keep things brief we are only going to touch on the most important considerations for Australian businesses. The General Data Protection Regulation (GDPR) was essentially implemented by the European Union in an effort to protect, and give European consumers control of where and when their personal digital information can be stored and used by businesses online. A vast majority of businesses online collect all anonymous user data in order to understand user experiences, track returning visitors and inform business decisions. There are also other businesses that purely operate in a digital space by collecting and distributing this data information to other businesses. The new policy forces organisations online to implement changes to data analytics and tracking so that digital users in the EU have the choice as to whether their information can be stored and used by each website and business they visit online.
The GDPR primarily consists of 8 privacy-related rights, that all businesses must comply with. These are:
The GDPR does not only affect businesses operating in the EU. It can impact any businesses outside of the EU that sells to, or tracks data of any European digital visitors, regardless of whether your business has 10 or 10,000 employees. Specifically, the GDPR automatically applies to any business worldwide that stores any personal data or information of European digital users across any of their website platforms. So if you know that your business receives visitors from this region then this policy definitely applies to you.
If you are unsure if whether this policy applies to you and your business currently has an analytics platform in place, you can easily check whether there have been any visitors to your site using geographic data filters. You can have a look at your previous data (we recommend covering at least a year of data - or even further back just to be sure).
If you're using Google Analytics, you can follow these steps to easily check whether you are gathering European user data:
If you do not have an analytics platform in place give us a call to discuss how you can get one in place. Otherwise figuring out whether you have European visitors is a bit of a guessing game. You will need to consider whether any your company's website or online offerings have any components targeted at, or are attractive to audiences from Europe. Be aware that a lot of websites do not intend on drawing in visitors from overseas but usually do so anyway due to similarities in business name or offerings as other businesses overseas. Plus you need to consider how easy it is to surf the internet from anywhere in the world and land on pages from other countries. We recommend that all businesses should be compliant if there is any inkling that they may be attracting European visitors.
There are a number of actions that will have to be completed in order to keep your company compliant with the GDPR's requirements. Firstly there is the issue of privacy policies. These will need to be updated in order to give users a new sense of transparency into why and how your company is collecting their data. Here's a good example of a structure that clearly addresses what the GDPR states company's need to clarify with their users:
Next, your users need to be aware that they have control and the ability to access or delete their data that your business holds at any time. This means users should have easy access to any accounts they create and have the ability to edit or delete anything previous information provided.
These are the primary changes that need to be made, although there are some other considerations. You can give us a call to discuss these more, or even check out this blog that delves into it a bit deeper.
The new GDPR regulations state that fines for non-compliance can be up to the amount of €20 million or 4% of total company revenue, whichever is larger. Note that fines for data infringements are considered on a case-by-case basis taking into account a number of criteria into consideration like the intentional nature of the infringement, how many users were impacted and if there have been any previous data breaches. To avoid committing a data breach under the GDPR it is in your best interest to make sure your business' data retention methods are compliant.
We hope this blog was informative and cleared up some of the confusion surrounding the influence of the GDPR in Australia. If you would to chat more about GDPR or ways that we can help your business be compliant, get in contact with us today.