LexisNexis Practical Guidance®

The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) came into force on 25 May 2018.

The GDPR is a regime of personal data protection requirements adopted by the European Parliament which regulates “personal data”. While the GDPR is EU law, it has unprecedented extra-territorial reach. If the GDPR applies to your organisation, you may need to make a number of significant changes in order to ensure compliance.

Broadly speaking, if your organisation has an “establishment” in the EU or:

• offers goods or services to; or
• monitors the online behaviour of people in the EU,
  then it may be subject to the GDPR.

In this subtopic you will learn:

• what is the GDPR and why it is important;
• when the GDPR might apply to an Australian organisation;
• what

  View all What is the GDPR and when does it apply to Australian organisations? guidance

The GDPR is a regime of personal data protection requirements adopted by the European Parliament which regulates “personal data”. As set out in What is the GDPR and when does it apply to Australian organisations?, the GDPR applies to Australian organisations in certain circumstances.

If the GDPR applies to your organisation (or will sometime in the future due to a change in your international strategy), your organisation will need to have a clear strategy to comply with the GDPR.

This can be a daunting task for Australian organisations, because while some of the concepts and obligations under the GDPR are similar to our own Privacy Act, there are many significant differences (which are explored in greater detail in Complying with both the

View all Key compliance obligations under the GDPR guidance

The GDPR is a regime of personal data protection requirements adopted by the European Parliament which regulates “personal data”. As set out in What is the GDPR and when does it apply to Australian organisations?, the GDPR applies to Australian organisations in certain circumstances.

If the GDPR applies to your organisation, you will need to have a strategy in place to comply with key obligations under the GDPR (see Key compliance obligations under the GDPR).

A key compliance issue for Australian organisations is dealing with overseas transfers of personal data outside the EU.

Individuals risk losing the protection of the GDPR if their personal data is transferred outside of the EU.

Chapter V (notably Articles 44–47) of the GDPR governs the transfer of personal

View all Dealing with overseas transfers guidance

Many Australian businesses may find themselves in the situation of having to comply with two privacy regimes — under our own Privacy Act 1988 (Cth) (Privacy Act) and under the GDPR.

This subtopic is designed to assist businesses caught by both regimes to understand how they compare, as a first step in the journey of putting the necessary compliance measures, policies and processes in place.

In this subtopic you will learn:

• preliminary questions to consider;
• comparing the Privacy Act and the GDPR;
• unique aspects of the GDPR; and
• practical issues to consider with complying with both the Privacy Act 1988 (Cth) and the GDPR with our practical comparison table.

As each organisation’s size, scale, resources, budget and operational requirements are different, it is beyond the scope of

View all Complying with both the Privacy Act and the GDPR guidance