The European Union General Data Protection Regulation (the GDPR) applies from 25 May 2018.

It applies to Australian businesses regardless of size that

  • have an office in the EU
  • have a website which targets EU customers for example by enabling them to order goods or services in a European language (other than English) or enabling payment in
    euros
  •  website mentions customers or users in the EU
  • tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.

If that is you a good place to start is the Australian Government, Department of Australian Information Commissioner Privacy business resource 21

Fines can range from up to €20 million or 4 per cent of annual worldwide turnover, (whichever is higher). So it is worth making sure whether you comply or not.

Remember, ignorance is no excuse.