Privacy, Data Protection and the GDPR.
Privacy and data protection continue to increase in importance for both established companies and technology startups in Australia and overseas. Drafting privacy policies and advising on business terms and conditions are key components of our service offering to our clients. Recently, these areas have come under greater scrutiny due to the European Union updating its data protection regulations in the form of the General Data Protection Regulation (GDPR).
Data protection and the GDPR are key issues for all Australian-based startups that anticipate scaling internationally. Adequate compliance with this new and far-reaching regulatory regime has a direct effect upon how software should be architected (especially with respect to data) and how business operations are conducted, and it also measurably impacts capital raising and external investment. With these imperatives in mind, Allen Legal has enhanced its capability and knowledge in this area, bringing in specialist data protection consultant, Sam Hartridge, to work alongside our IP specialist, Peter Lightbody, and building our network of European law firms with expertise in this field.
What is the GDPR and what do you need to do about it?
The GDPR came into force on 25th May 2018. It is the new European standard for Data Protection and it has far greater impact and reach than its predecessor.
The Regulation affects any business, no matter where it is located, that collects or uses data from European Union citizens. Its powers, provisions and penalties are more onerous than current Australian privacy and data protection laws.
Startup businesses with a global end-game need to consider the GDPR rules as best practice when it comes to data protection and security.
Early stage startups have an advantage: they can do ‘privacy by design,’ meaning they can build their system to be privacy compliant. Incumbents may have more work to do on legacy systems in order to become compliant.
Critically, startup businesses that are looking to a potential global exit (trade sale/merger) will need to show GDPR compliance. Investors and acquirers will want to see how this risk has been alleviated, so they are not purchasing a huge liability.
Additionally, there are serious penalties for GDPR non-compliance.
So, how much will GDPR impact your business?
- Do you have business operations in the EU?
- Do you acquire, hold or use (“control or process”) Personal Data for any person in the EU?
- Do you plan to acquire, hold or use (“control or process”) Personal Data for any person in the EU?
- Do you foresee any need in the future to acquire, hold or use (“control or process”) Personal Data for any person in the EU?
- Is your business a potential acquisition target for a European or Global Company?
- Do you want to manage your data in accordance with EU GDPR Regulations?
If you answered ‘No’ to all of the above then you have no current risk. However, if you answered ‘Yes’ to any question, please provide your details below and one of our team will contact you to provide an appraisal of your risk and the actions required to manage your exposure.