Does your digital presence comply with privacy laws?

You’ve probably noticed a lot of communications lately from businesses around the world updating their privacy policies and disclaimers.

Governments are stepping up regulation of online privacy, and small businesses can’t bury their heads in the sand. We’ve put together a quick guide to the key privacy areas you need to be across.

Important changes you need to know about

Law: Businesses that collect personal information and have an annual turnover of $3 million or more, and any business handling sensitive information (such as healthcare), must comply with the Australian Privacy Principles (APP).
What it means for you: In terms of ‘online transactions’, the law applies to any exchange of information such as taking payments, and information delivered via contact forms and lead magnets. Staying privacy compliant doesn’t require much work – but it’s important to be aware that non-compliance could lead to fines of up to $2.1 million.

Law: Disclosure of personal information to parties in other countries must comply with the APP.
What it means for you: Business owners who engage in any outsourcing, such as overseas web design, must take reasonable steps to understand how personal information will be collected and handled in that country. You also need to make sure the arrangement does not put you in breach of Australian law.

Law: Email marketing must have a clear opt-out facility under the Spam Act.
What it means for you: Sending promotional emails without an opt-out button, or mail to customers who have already opted out, is a big no-no. Make sure your marketing collateral – especially anything that is automated – complies with opt-out laws.

Law: Only collect personal information that is necessary for your transaction.
What it means for you: If you’re selling someone makeup, for example, there’s no need to get their passport number. You should review your online forms to make sure you’re only asking for relevant information.

Law: The European Union’s General Data Protection Regulation (GDPR) came into effect in May 2018. It applies to any business, anywhere in the world, that processes personal data relating to an individual in the European Union.
What it means for you: While largely similar to the APP, there are some differences that may affect how data must be protected. If you deal with customers from countries in the EU, it’s worth getting across the GDPR, or even getting legal advice, to ensure you comply with the new regulations.

Checklist for remaining compliant

The following points should protect you, and demonstrate goodwill in the event of a breach. Your industry bodies and small business groups should have privacy policy templates you can use:

  • Have a policy in place for how you collect, use, disclose and store personal information, as well as any complaints that arise from it.
  • Develop a privacy notification and make it visible wherever personal information is collected, such as pop-up cookie notifications on your website and email disclaimers.
  • Appoint a privacy officer to keep up to date with changes to the law, and document and train your staff accordingly.
  • Stay on top of any breaches, report them and follow through on any necessary changes.

What to do if you are in breach

A data breach is notifiable when it is likely to result in serious harm to any individual whose personal information was involved. Such breaches must be reported to the affected individuals as well as the Office of the Australian Information Commissioner (OAIC). You will need to assess the extent of the breach and complete the OAIC’s notification form.

Time for a financial health check? Contact Prospa on 1300 882 867, or apply online for a small business loan.

The information in this post is provided for general information only and does not take into account your personal situation. Nothing contained in this post constitutes advice or an endorsement or recommendation of any kind by Prospa. Any links to third party websites are strictly for informational purposes only. You should consider whether the information is appropriate to your needs, and where appropriate, seek professional advice from financial, legal and taxation advisors. Although every effort has been made to verify the accuracy of the information as at the date of publication, Prospa, its officers, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy, or omission from the information for any reason, including due to the passage of time, or any loss or damage suffered by any person directly or indirectly through relying on this information.