This week the General Data Protection Regulation (GDPR) occupies the minds of businesses not only across the country but the whole world. A new law is coming into effect on Friday 25 May 2018 to protect privacy and personal data of the European (EU) citizens and residents. The legislation aims to give people more control over how organisations use their personal information.
The uniqueness of this law is that it affects not only companies working in Europe but also those around the world that hold the data of EU citizens. In the UK, these regulations are also being enforced by the Information Commissioner’s Office (ICO) and will form part of UK law following Brexit.
Despite living in Australia, many of us may have already noticed the effects of this upcoming law receiving numerous surprising emails from companies that do their business in Australia and the US. Companies now ask to confirm if we still wish to receive any email communications about their services.
I agree with some marketing and communications experts who share a feeling that the effects of what is happening in the EU and UK will be larger in Australia than we imagined. The purpose of the new regulation is to direct businesses towards putting people back in control of their own data. The massive change that is going to happen in the minds of consumers across EU and UK won’t leave Australians unaffected. Our sector has already evolved through more effective use of data by developing better content for stakeholders and channels of communications. This brought some negative aspects when too many businesses have used personal data to exploit consumers by selling email and telephone lists, opting them in for unwanted communications and failing to provide ‘an easy way out’ of all communications altogether.
So, what should we all do now?
The most important thing for Australian PR professionals to action in light of GDPR is to take the time to educate themselves about what it is, and what its implications are for their activities.
According to ZDNet, the GDPR and the Australian Privacy Act 1988 share many common requirements. Australia's Privacy and Information Commissioner Timothy Pilgrim also stated, "These are key issues that you need to start thinking about if you are dealing or trading in Europe". He also recommends Australian organisations use the opportunity to ensure they are compliant with their requirements under the Privacy Act, such as having good governance in place and undertaking privacy impact assessments. "There are a lot more similarities than difference and that's what we need to draw on," he said.
More now than ever, data protection legislation, such as GDPR, is relevant and important for all communications practitioners. It will change the way we communicate with our stakeholders, and how we handle their data.
Written by Nataliya Scoleri, MPRIA, Interim SA President