GDPR (General Data Protection Regulation) refers to the law that was enacted by the European Union on May 25 last year. Its primary objective is to safeguard the privacy of personal data, especially when it is given to third-party companies.
Is GDPR Relevant to Australian Businesses?
Yes. Australian businesses are expected to comply with GDPR. GDPR applies to all businesses in the world that interact with private data belonging to EU residents. Therefore, if your business deals with personal data about EU residents or has the ambition to enter the European market, it is better for you to understand the principles of GDPR and which user rights it protects.
Principles of GDPR
The GDPR rules are based on the following principles:
- Companies must have legal permission to process personal data. They must also inform the individual whose data they are handling
- Personal data can only be used for the purposes it was collected. It means that you can’t use data for purposes other than the ones indicated to the owner
- Companies should only collect data that is necessary and relevant to them — no extras
- After the collected data has served its intended purpose, companies must delete it. It can be kept for future reference only in selected cases
- Private data must be regularly updated and checked for errors
- Personal data should be protected at all costs
- Companies must comply with GDPR rules
What are Users’ Rights according to GDPR?
As mentioned above, GDPR laws are heavily centred on protecting users' private data. The following are the rights of users as directed by GDPR.
Right to Information:
If you are collecting data from an individual, it is your obligation to inform them. You should also tell them what you intend to do with such information and how long you plan to keep it in your records, as well as any other party that will have access to the data.
Right to Access:
A person has the right to access their data for free. However, if their request is unjustified, you have the right to charge them.
Right to Modification:
If a person notices that the information you have on them is inaccurate, they have the right to request rectification. This is in line with the principle of GDPR that requires data to be accurate.
Right to Deletion:
There is a provision that allows users to request the deletion of their private data. However, their request must be backed by a valid reason. For instance, a user can rightfully ask for the erasure of their data if they feel it is no longer useful to your company.
Right to Restrict Processing:
Here, the user requests that you stop using the data for a specific purpose without necessarily deleting it. You can start processing the data again once the user gives consent.
Right to Object to Automated Processing:
A person can bar you from using machines to process their data if the automated process could have negative impacts on their lives. For example, they might object to the feeding of their data into a system that determines their suitability for a job vacancy.
Right to Portability:
You should ensure that the personal data on individuals is available to them upon request for use on other platforms. Preferably, the data should be in a commonly used file format.
If you are interested in learning more on how to comply with the GDPR, subscribe to our blog. getNEXT will continue to share updates and best practices on GDPR and data privacy.