The GDPR became enforceable on 25 May 2018. It aims to harmonise data protection procedures and enforcement across the EU, helping consumers reclaim and protect their personal data. The GDPR has global reach, and severe penalties for noncompliance. Breaches are punishable by the higher of €20 million or 4% of annual company turnover.
While the regulatory spotlight will mainly be focused on the EU, it’s important that Australian businesses understand their own exposure and take action to manage their risk.