The European Union’s General Data Protection Regulation (GDPR) is one of the most comprehensive overhauls of privacy regulation in recent history, and represents a significant expansion of the territorial scope of European privacy regulation. With less than three months to go until the scheme commences, Australian businesses should be asking the question: do I need to comply?

If your business:

  • has an establishment in the EU
  • provides goods or services to individuals located in the EU or otherwise monitors their behaviour,

then you must comply with GDPR from 25 May 2018.

The GDPR imposes strict new conditions on how businesses engage with and utilise EU residents’ personal information. For a further explanation on how the GDPR might affect your business, and how best to manage these new compliance obligations, see our previous article.