Does your digital presence comply with privacy laws?

You’ve probably noticed a lot of communications lately from businesses around the world updating their privacy policies and disclaimers.

Governments are stepping up regulation of online privacy, and small businesses can’t bury their heads in the sand. We’ve put together a quick guide to the key privacy areas you need to be across.

Important changes you need to know about

Law: Businesses that collect personal information and have an annual turnover of $3 million or more, and any business handling sensitive information (such as healthcare), must comply with the Australian Privacy Principles (APP).
What it means for you: In terms of ‘online transactions’, the law applies to any exchange of information such as taking payments, and information delivered via contact forms and lead magnets. Staying privacy compliant doesn’t require much work – but it’s important to be aware that non-compliance could lead to fines of up to $2.1 million.

Law: Disclosure of personal information to parties in other countries must comply with the APP.
What it means for you: Business owners who engage in any outsourcing, such as overseas web design, must take reasonable steps to understand that country’s data collection and handling policies. You also need to make sure they are not in breach of Australian law.

Law: Email marketing must have a clear opt-out facility under the Spam Act.
What it means for you: Sending promotional emails without an opt-out button, or mail to customers who have already opted out, is a big no-no. Make sure your marketing collateral – especially anything that is automated – complies with opt-out laws.

Law: Only collect personal information that is necessary for your transaction.
What it means for you: If you’re selling someone makeup, for example, there’s no need to get their passport number. You should review your online forms to make sure you’re only asking for relevant information.

Law: The European Union’s General Data Protection Regulation (GDPR) came into effect in May 2018. It applies to any business, anywhere in the world, that processes personal data relating to an individual in the European Union.
What it means for you: While largely similar to the APP, there are some differences that may affect how data must be protected. If you deal with customers from countries in the EU, it’s worth getting across the GDPR, or even getting legal advice, to ensure you comply with the new regulations.

Checklist for remaining compliant

The following points should protect you, and demonstrate goodwill in the event of a breach. Your industry bodies and small business groups should have privacy policy templates you can use:

  • Have a policy in place for how you collect, use, disclose and store personal information, as well as any complaints that arise from it.
  • Develop a privacy notification and make it visible wherever personal information is collected, such as pop-up cookie notifications on your website and email disclaimers.
  • Appoint a privacy officer to keep up to date with changes to the law, and document and train your staff accordingly.
  • Stay on top of any breaches, report them and follow through on any necessary changes.

What to do if you are in breach

Notifiable data breaches must be reported to the affected individuals as well as the Office of the Australian Information Commissioner (OAIC), especially if the breach is likely to result in serious harm to anyone whose personal information was compromised. You will need to complete a form and conduct a quick assessment of the extent of the breach.


The information in this post is provided for general information only and does not take into account your personal situation. Nothing contained in this post constitutes advice or an endorsement or recommendation of any kind by Prospa. Any links to third party websites are strictly for informational purposes only. You should consider whether the information is appropriate to your needs, and where appropriate, seek professional advice from financial, legal and taxation advisors. Although every effort has been made to verify the accuracy of the information as at the date of publication, Prospa, its officers, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy, or omission from the information for any reason, including due to the passage of time, or any loss or damage suffered by any person directly or indirectly through relying on this information.
