General Data Protection Regulation – What is it, and what does it mean for Australians?
In the past few days you’ve probably received a fair few notifications and emails from different websites and services to let you know that they’re updating their privacy policies. To most people, this probably served as a slightly unnerving reminder of just how many websites have their personal details on record. I mean, who doesn’t want a reminder that their old Myspace account still exists? But behind all these emails that you probably ignored is a single connecting cause: General Data Protection Regulation, or GDPR.
What exactly is the General Data Protection Regulation?
The GDPR is a pretty big deal – and not just because it’s easy to confuse with the acronym for our name, GPBC (Good People Bad Credit). As previously mentioned, GDPR stands for General Data Protection Regulation. This refers to the European Union’s new regulation on, you guessed it, data protection. It’s been in the works since 2016 but finally became enforceable on the 25th May 2018. That’s why you suddenly got hit with a tonne of notifications from companies you can just barely remember on Friday.
It represents a big change to the previous standards, hence the race to update privacy policies across the board. The big motivator behind this rush? Well, we’d like to believe that all these companies are just really keen on GDPR compliance, but that’s unfortunately not always the case. Surprise surprise, the biggest motivator is money – in this case, the possibility of losing a lot of it. There are some huge penalties in store for those who violate the General Data Protection Regulation.
Those found to be non-compliant with the new regulation risk a fine of up to AU$30 million (€20 million), or 4% of the worldwide annual revenue of the prior fiscal year – whichever is higher – for upper-level infringements. Lower-level breaches will incur costs of AU$15 million (€10 million) or 2% of worldwide annual revenue. As you can imagine, fines of this size would easily cripple a wide range of companies.
Now you understand why they’re all so eager to flood your inbox!
What’s the point of the General Data Protection Regulation?
To put it simply, the GDPR aims to give people more control over the data that they share with companies. In an age where hacking has become a concern for the general population rather than just the focus of spy movies, control over your data is more important than ever. The GDPR ensures that data transfer is now a more consensual transaction between user and company than it was before.
What rights do individuals have under the General Data Protection Regulation?
Under the new rules, individuals now have the right to:
- Be informed. You must notify individuals of the purpose of collecting their data, the length of time for which their data will be stored and who it will be shared with.
- Access their own data. This largely relates to the following two rights.
- Correction. Should a person realise that their own data is inaccurate, the GDPR allows them to rectify the mistake.
- Erasure. An individual can request the deletion of their data, but it is only compulsory to grant their appeal in certain circumstances. This relates to only keeping necessary data.
- Object. If a person objects to their information being processed for the purpose of direct marketing, you must stop doing so immediately upon receiving the appeal.
- Limit data processing. Much like the right to erasure, this depends on the specific situation. Restriction of processing might still allow you to store the individual’s data.
- Data portability. This means that you must make the personal data you hold available in forms that are easily transferred between organisations if required.
- Oppose automatic profiling. If the outcome of an automated assessment has potential legal ramifications, an individual has a legal right to circumvent this process and instead be evaluated by a human.
These rules don’t just apply to companies based in the EU, but to any business that has European users and/or clients (including Australian companies).
I do business with individuals in the EU. How will the General Data Protection Regulation affect me?
Despite only being in effect for a few days, some big players have already fallen foul of the new General Data Protection Regulation laws. Facebook, Google, Instagram and WhatsApp were accused of forcing users to consent to targeted advertising in order to use their services within just hours of the GDPR being enforced. This gives you an idea of both the swiftness and the scope with which this new law is being enforced. These crackdowns may currently focus on huge multinationals, but choosing not to adhere to the GDPR just isn’t worth the risk. Especially when the potential punishments are so high!
So, can the EU actually prosecute an Australian business if it violates the General Data Protection Regulation?
Whether the EU has the power to litigate an Australian business will be determined on a case-by-case basis. Regardless, testing the limits of GDPR compliance is probably not a good idea. If you are part of an Australian business that processes any personal data about EU citizens, here’s what you need to do:
- Notify key figures within your company. They should already be aware of the changes, but share this information just to make sure. As always, ignorance of the law is no excuse.
- Conduct an audit of the personal data your company holds. This includes determining where it came from and who you share this information with. Delete any unnecessary or unlawful data as per your GDPR compliance responsibilities.
- Establish procedures in line with the users’ rights outlined in the GDPR. This means allowing for things like the right of access, right to rectification, right to erasure, etc.
- Evaluate your current data collection methods. Ensure that they comply with the GDPR standards.
- Review your security protocol for protecting personal data. The last thing you want to have to deal with is an information leak!
- Assess any connection with third-party providers. Ensure that they also comply with the GDPR. Avoid being implicated in any potential breaches!
What’s the difference between the General Data Protection Regulation and Australian privacy law?
There are fundamental similarities between Australia’s Privacy Act 1988 and the GDPR, although these pieces of legislation also have some significant differences. You are welcome to go through each document and compare them for yourself, but here are some of the most important distinctions.
While the GDPR acts as a blanket ruling for any business that processes the data of EU citizens, Australian privacy law is more selective. The Privacy Act only applies to government agencies, the private sector, private health service providers, nonprofits producing a turnover of above $3 million, and certain small businesses.
On the surface, the protections outlined in these pieces of legislation might seem to be identical. The General Data Protection Regulation covers information “relating to an identified or identifiable natural person”, while the Australian Privacy Act applies to “information that identifies or can reasonably identify an individual.” The distinction is subtle but important. The GDPR applies to a far larger pool of data, while the Privacy Act is strictly concerned with information that could identify a person.
The discrepancies between the two documents with regard to consent are similarly ambiguous, but still significant enough to mention. The GDPR requires consent to be a freely-given, unambiguous approval from the individual for their data to be collected for the disclosed purpose. In slight contrast, Australian privacy legislation designates that the person must:
- Be adequately informed of the intent of the data collection prior to giving consent
- Have the capacity to give consent
- Provide their consent voluntarily
Again, these seem almost identical, but when it comes to legislation, the devil is in the detail.
What does the General Data Protection Regulation mean for Good People Bad Credit?
Well, not a whole lot. The General Data Protection Regulation applies to those doing business that processes the personal data of individuals within the European Union. GDPR compliance doesn’t really concern us – yet. But soon we will expand, first to Europe, then the world!
Okay, not really.
At the moment our focus is on helping our customers – Australian citizens and permanent residents – get the loans that they’re looking for. As you can imagine, that doesn’t require us to gather the details of anyone within the EU. At Good People Bad Credit, we make it our priority to find suitable secured and unsecured personal loans for our clients. We will only ever collect information that is 100% necessary and relevant to our loan matching process. This can include:
- Basic details, e.g. full name, title, gender, date of birth, residential address and nationality
- Contact details such as postal address, email address and contact phone numbers
- Details pertaining to your loan application, such as the type of credit, amount applied for and bank statements
As a general rule, we won’t need to collect or hold sensitive information regarding your personal beliefs or associations. In the unlikely event that we require such information in order to provide our service, we will only collect and hold these details if you express your consent. However, refusing to supply the relevant information that we require may prevent us from providing the service that we offer.
So is Good People Bad Credit still the best way to find loans?
Good People Bad Credit works with dozens of lenders to try and find a credit provider who can help customers across Australia. All you have to do to be eligible is check these boxes:
- Be an Australian citizen or permanent resident
- Be 18 years of age or over
- Have a regular income deposited into your personal bank account for at least 90 days
- Have a direct personal number
If that sounds like you then you’re ready to apply! Good People Bad Credit does the hard work for you by working with a range of trustworthy lenders. Whether you’re looking for unsecured personal loans, bad credit loans, cash loans, short term loans no credit check required, or just a general personal loan, Good People Bad Credit is the best loan finder service around.
Apply now to take the first step of your loan adventure!