GDPR & Queensland Government Agencies

January 16, 2019 - 4:46pm

The European Union’s (EU) General Data Protection Regulation (GDPR) came into effect on 25 May 2018. It aims to harmonise data privacy laws across Europe and replaces existing national data protection rules. The UK Information Commissioner’s Office (ICO) has issued a formal enforcement notice in an extra-territorial area (to a Canadian data analytics firm). This confirms that the GDPR regime not only applies to companies within the European Union, but also other areas so long as the processing activities relate to data subjects within the EU.

Does it affect my agency?

Although the GDPR is a European privacy law, it could apply to Australian businesses and government agencies that offer goods or services to, or monitor the behaviour of, individuals in the EU. For example, if your agency:

sells tickets to attractions, conferences or events online to individuals in the EU

offers educational packages to students in the EU

offers goods or services relevant to the agency to individuals in the EU (regardless of whether payment is required).

Online behavioural advertising, profiling or tracking users are less obvious activities that could potentially fall within GDPR’s scope.

Your agency’s functions and current privacy practices will determine how you implement the GDPR requirements. Generally, your agency should consider the geographical reach of its activities and seek independent legal advice regarding its data processing activities.

Useful Resources