Overview: Key compliance obligations under the GDPR

Overview of Key compliance obligations under the GDPR

The GDPR is a regime of personal data protection requirements adopted by the European Parliament which regulates “personal data”. As set out in What is the GDPR and when does it apply to Australian organisations?, the GDPR applies to Australian organisations in certain circumstances.

If the GDPR applies to your organisation (or will sometime in the future due to a change in your international strategy), your organisation will need to have a clear strategy to comply with the GDPR.

This can be a daunting task for Australian organisations, because while some of the concepts and obligations under the GDPR are similar to our own Privacy Act, there are many significant differences (which are explored in greater detail in Complying with both the Privacy Act and the GDPR).

In this subtopic you will learn:

  • what are the key principles which form the framework or “heart” of the GDPR;
  • what are the key terms and concepts under the GDPR;
  • what are the key obligations under the GDPR if you are a “controller”;
  • what are the key obligations under the GDPR if you are a “processor”;
  • a checklist of questions to ask to determine if you are a “controller” or a “processor”;
  • a checklist of questions to ask your organisation in order to assist in your journey to comply with key requirements under the GDPR.