A Simple Comparison: GDPR vs. Privacy Act 1988 in Australia
February 5, 2018
GDPR
After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and will be directly applicable in all member states two years after this date. Enforcement date: 25 May 2018, at which time those organisations will be required to comply; if non-compliance is detected, enforcement actions such as financial penalties can be applied.
Privacy Act 1988 in Australia
The Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act outline how most Australian Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information.
Key Facts
- The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018.
- Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
- The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:
  - implement a privacy by design approach to compliance
  - be able to demonstrate compliance with privacy principles and obligations
  - adopt transparent information handling practices.
- There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.
- Australian businesses should determine whether they need to comply with the GDPR and if so, take steps now to ensure their personal data handling practices comply with the GDPR before commencement.
GDPR vs. Australian Privacy Act
Where can I get more information?
The following resources may assist Australian businesses to assess whether they are covered by the GDPR and the steps to be taken to comply:
- European Commission, Reform of EU data protection rules
- Article 29 working group (from 25 May 2018, the European Data Protection Board) GDPR guidance (to be published soon)
- The Article 29 working group has also developed a general factsheet for Asia Pacific Privacy Authorities (APPA) members. This document may inform entities and interested stakeholders about the GDPR requirements.
- UK ICO website GDPR guidance