⚖️ Australian Legal Insights

The latest insights from the Purpose Lawyers Team.


Privacy policies: What is the difference between GDPR v the Privacy Act?

November 20, 2023 (3 min read)

In today's digital age, privacy has become a growing concern for individuals and businesses alike. With the increasing amount of personal information being shared and stored online, it is crucial to understand the laws and regulations that govern the protection of this data.

Two prominent pieces of legislation that address this issue are the General Data Protection Regulation (the 'GDPR') in the European Union and the Privacy Act 1988 (Cth) (the 'Privacy Act') in Australia. In this blog post, we will explore the key differences between these two privacy regimes and how they impact individuals and businesses in Sydney, Australia.


Here are 7 key differences between the GDPR and the Privacy Act.

1. Scope and Applicability:

The GDPR is a regulation that applies to all organizations that process personal data of individuals within the European Union, regardless of where the organization is located. On the other hand, the Privacy Act in Australia applies to Australian government agencies and businesses with an annual turnover of more than $3 million AUD.

2. Consent:

Under the GDPR, explicit consent is required for the processing of personal data. This means that individuals must actively give their consent for their data to be used for specific purposes. In contrast, the Privacy Act in Australia allows for implied consent, where consent is assumed unless an individual explicitly opts out.

3. Penalties:

One of the most significant differences between GDPR and the Privacy Act is the penalties for non-compliance. The GDPR imposes hefty fines of up to €20 million or 4% of the global annual turnover, whichever is higher. In comparison, the Privacy Act in Australia has much lower penalties, with a maximum fine of $2.1 million AUD for serious breaches.

4. Data Breach Notification:

Under the GDPR, organizations are required to notify the relevant supervisory authority within 72 hours of becoming aware of a data breach that is likely to result in a risk to the rights and freedoms of individuals. In Australia, the Privacy Act also mandates the notification of data breaches, but there is no specific timeframe mentioned.

5. Data Protection Officer (DPO):

The GDPR requires organizations to appoint a Data Protection Officer if they process large amounts of personal data or engage in systematic monitoring of individuals. This role ensures compliance with the GDPR and acts as a point of contact for individuals and supervisory authorities. The Privacy Act in Australia does not have a similar requirement for the appointment of a DPO.

6. Extraterritorial Effect:

The GDPR has an extraterritorial effect, meaning that it applies to organizations outside the European Union if they process personal data of EU residents. This has significant implications for businesses operating globally. In contrast, the Privacy Act in Australia only applies to organizations within Australia.

7. Individual Rights:

Both the GDPR and the Privacy Act provide individuals with certain rights regarding their personal data. These include the right to access, rectify, and erase their data, as well as the right to restrict or object to its processing. However, the GDPR provides additional rights such as the right to data portability and the right to be forgotten.

Conclusion:

While both the GDPR and the Privacy Act aim to protect individuals' privacy rights, there are several key differences between the two. The GDPR has a broader scope, stricter consent requirements, and more severe penalties for non-compliance.

On the other hand, the Privacy Act is more focused on Australian organizations and has lower penalties. Understanding these differences is crucial for businesses operating in Sydney, Australia, to ensure compliance with the relevant privacy laws and protect the personal data of their customers.


Here at Purpose Lawyers, we offer a Complimentary 15-minute advice session.

Please contact us on 1300 806 106 or email us at info@purposelawyers.com.au to arrange your complimentary advice session today!



Maria Loni

Maria is a lawyer here at Purpose Lawyers with a keen interest in all aspects of commercial and retail law. When she isn't navigating the world of commercial and retail law, Maria's passion for food, travel and the excitement of trying new things takes center stage.
