Why Aussie startups should keep one eye on European data regulation
Tuesday, May 15, 2018
The EU’s General Data Protection Regulation (GDPR) is just about to come into effect in Europe, and Australian politicians have been paying attention.
Last week, the Senate passed a motion calling on the government to “consider the impact of Australia’s insufficient and out-dated privacy laws on all Australians, including children and young people”.
Putting the motion forward, Green Senator Jordon Steele-John said: “Under current Australian law, young Australians might never be able to exercise their right to privacy”.
The Senate agreed GDPR should be regarded as the global best practice for standards in data privacy law and Australia should use it as a model for its own laws.
But, while GDPR is designed to protect citizens and give them more control of their own data, for businesses — including startups — it has required hefty process overhauls.
If the Australian government implemented a carbon copy of the EU’s GDPR, it would make sweeping changes to the ways any organisation can collect, hold or process personal information.
Under the regulation, citizens’ data cannot be held outside of the EU, and businesses have to get consent from each individual to use their data, as well as explaining exactly what it’s being used for.
Individuals also have a right to access their data, obtain it themselves and use it for their own purposes, and businesses must be able to provide that in a workable format.
Individuals also have the right to be forgotten and can demand their data is deleted at any point.
The European regulation is focused on ‘data protection by design’, meaning companies have to build privacy safeguards into their systems right from the start.
It also mandates proof of compliance, meaning that, even if a company complies with the rules already, it may still need an overhaul in order to be able to prove that to any regulator that comes calling.
Depending on the type of data an organisation is working with, the EU GDPR also requires a chief data officer to be in place.
All of this would place cost pressure on startups. And — if Australia follows the letter of the EU law — failure to make the changes could result in fines equal to 4% of an organisation’s annual turnover.
Finally, a GDPR-like system has the potential to change the playing field for startups when it comes to securing investment.
According to Scottish law firm Brodies, any GDPR compliance issues will be a red light for investors, and European startups have to be ready for increased scrutiny from their backers.
The investors themselves will also likely be assessing whether the rules affect the viability of a business model. For example, gathering data with a view to selling it later may no longer be a viable proposition.
Senator Steele-John’s proposition is not with the federal government yet. But GDPR is a tricky beast, and if it’s headed this way, Aussie startups should be prepared.