Thursday, 31 May 2018 15:33

Why does European GDPR law matter to Australians?

With Australia now one of "the leading countries of cloud adoption in the world", and with businesses long since able to operate globally, foreign regulations can have local implications.

Many Australian organisations are using cloud services to both run business applications and store massive amounts of data, according to Matt Hallewell, Cloud and Modern IT at Avanade, with the company stating it "transforms businesses for the digital era".

Cloud is just one part of that transformation, and now Hallewell tells us that the benefits of the cloud "are about to come under new data privacy and control regulations that impact Australian organisations".

So, what is GDPR?

Well, we're reminded that it stands for General Data Protection Regulation, and it's "Europe’s answer to data regulation".

Hallewell continues, stating that "over 500 million EU citizens will be given unprecedented rights, access and control over their personal data".

"In Australia", he continues, "there is a sense of confusion as to what this actually means, with clients asking how GDPR relates to us".

The answer is, quite significantly.

No matter where an organisation is located — within the EU or not — Hallewell stresses that it must comply with the GDPR if it collects, processes, shares or stores personal data that identifies “EU data subjects.”

Australian businesses will have to comply if they:

  • Operate businesses that are established in a member state of the EU;
  • Offer goods or services to individuals in the EU, irrespective of whether a payment is required; and
  • Monitor the behaviour of individuals in the EU, where that behaviour takes place within the EU.

With this in mind, Hallewell has compiled "the following focus areas whereby owners of data need to get their house in order, especially now that GDPR is a reality".

1. Shut down unauthorised cloud solutions

"A side effect of massive cloud growth in Australia is that many companies are currently storing data (including customer personal data) in many cloud services (such as DropBox, WeTransfer, Apple iCloud, etc) that aren’t authorised or controlled as traditional Enterprise IT services. This means that the data may be located and stored in multiple geographies around the world.

"Because data can be stored within multiple locations by cloud service providers, store corporate data in one location in every jurisdiction. Avanade recommends moving data from unauthorised Cloud Services into enterprise cloud services (such as Microsoft OneDrive) and shutting down third party solutions, to give you more control over who is accessing your data."

2. Deploy mobile device management tools for greater data management

"GDPR has seen an increase in customers worried about mobile devices, smartphones or PCs having corporate data in uncontrolled environments. Mobility device management tools (such as the Microsoft Enterprise Mobility Suite) allow organisations to control and restrict access of sensitive data so it can’t be taken outside the corporate network, or be accessed insecurely.

"This is vital for organisations who have employees that travel to Europe on a regular basis, for example."

3. Collect necessary data only

"Specify in any data processing agreement that only the personal data needed to perform the app’s function is collected by your organisation and nothing more. There are limits on “special” data, which includes race, ethnicity, political views, religion etc."

4. Don’t allow cloud apps to use personal data for other purposes

"State clearly in any data processing agreement that the customer owns the data and it is not shared with third parties. It must be possible for the controllers to retrieve the data in a structured, commonly used format to provide to the data subject or another controller."

5. Ensure that you can erase the data when you stop using applications

"Make sure that you can download your own data immediately and apps will erase your data once you’ve terminated any services with third parties. The more immediate (i.e. less than a week), the better, as the longer it takes, the higher the risk of exposure."

6. The contract should define a breach event

"Describe a procedure for the provider to notify your enterprise about any breaches without undue delay. Even if the cloud provider experiences a data breach that impacts multiple customers, you should be responsible for external communications and manage the overall breach with their support.

"What organisations don’t want is a breach making headlines before their provider notifies them of the breach and before the controller is able to notify local authorities. Organisations are not in control over the cloud provider’s (IT) environment and you must rely upon (IT) controls that the provider has in place. Therefore, it is always necessary to assess to what extent the provider can comply with your IT Security requirements."

Given that the GDPR deadline of 25 May has passed, following these measures is imperative to ensure you and your organisation are well prepared for the realities of GDPR now being in force.

Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.
