Australia Versus GDPR Privacy Policy: Which One Should I Use?

Australian businesses more often than not will need to have a privacy policy on their website. However, there are circumstances where your privacy policy will also need to be compliant with the General Data Protection Regulation (GDPR). The GDPR is a set of regulations protecting individuals in the EU. On the other hand, the Privacy Act (1988) protects individuals inside Australia.

In this article, we’ll outline the differences between GDPR and Australian privacy policies.

GDPR Privacy Policy

The GDPR requires that all businesses operating in the EU have a privacy policy on their website. This policy informs your users how you will handle their data. Further, some key provisions in the GDPR are:

  • Personal data is defined as data that relates to an identified or identifiable person in the EU
  • Your privacy policy must be written in clear and accessible language
  • You must advise users how you will process their data
  • You must also inform users of their rights, which include the rights to be informed, of access, rectification, erasure, restriction of processing, data portability and objection

Australian businesses will need to have a GDPR privacy policy on their website if they:

  • Have operations in the EU
  • Service customers who are citizens of EU countries

Privacy Act 1988 (Cth)

The Privacy Act 1988 (Cth) regulates the handling of information by government agencies and by businesses that have an annual turnover of more than $3 million. Its privacy requirements are based on the 13 Australian Privacy Principles (APPs), which deal with the collection and handling of personal information.

Section 6 of the Privacy Act 1988 (Cth) defines personal information as being:

  • Information or an opinion that relates to an identifiable or reasonably identifiable person

In Australia, an individual's consent to the handling of their information can be either implied or express.

Australian Privacy Law v GDPR

Australian privacy law and the GDPR cover a similar scope but differ in their requirements. All EU businesses are required to have a GDPR-compliant privacy policy, whereas not all Australian businesses are covered by the Privacy Act. If your business does not have operations in the EU and does not provide goods or services to individuals in the EU, your privacy policy will not need to be GDPR compliant.

It’s important to comply with the privacy laws that apply to your business, as heavy fines can apply for non-compliance. If you’re unsure which type of policy you should have on your website, it may be wise to contact a privacy lawyer.

Don’t know where to start? Contact us on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest lawyer marketplace.
