GDRP (General Data Protection Regulation) is the European Union (EU) legislation to protect online privacy. It creates the right values around how companies and users should think about personal information.

Australian small business needs to start thinking about user/client privacy regardless of whether they do business in the EU.

Why? Because this is the beginning of a global push towards greater user privacy. GDRP is the world’s most comprehensive, wide-ranging and almost universally applicable online privacy legislation. Other countries legislation will only strengthen it.

The EU says Australia does not have adequate privacy laws. We have the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (Australian Privacy Law). Think of GDRP as a ‘superset’ of those laws that Australian small business has conveniently and largely ignored. Australian Laws will soon fall in line with GDRP.

GDRP has sent many Australian companies scrambling to advise users of new privacy policies.

Why? Because any Australian business is now global whether it is as simple as using cookies to collect information from some hapless web-surfing EU resident or supplying goods or services to a local company that may have EU shareholders.

Or maybe you are sourcing goods or services that come in whole or part from the EU. That can be as simple as using a software app developed there or cloud services located there. You would be surprised at the EU pedigree of some of the worlds most popular software/apps.

Your EU customers or suppliers have obligations under the GDRP. They understand that it is a big stick and small carrot and the law will come down hard on those who break it.