Australian in-house lawyers ‘well placed’ one year on from GDPR

By Jerome Doraisamy|09 July 2019

One year on from the commencement of the General Data Protection Regulation in the European Union, Australian legal counsel can learn much from the experience of overseas businesses, argues a national law firm partner.

Speaking last week on The Corporate Counsel Show, Holman Webb partner Tal Williams said the GDPR legislation is “pretty similar” to Australia’s existing privacy laws, which — save for some differences and extensions — means that in-house counsel in Australia have been well placed, relative to other jurisdictions, to navigate the new regulations for their respective businesses.

“We certainly have advised a lot of clients if they are, if they need to be GDPR-compliant. When it comes to policies, practices and procedures, I think Australia has done very well in already having in place that baseline underlying compliance component that is required,” he said.

“Some of the recent cases that we might have a chat to you about later on do highlight some of those issues, and although it may not be specific in the Australian legislation, certainly if you look at the guidelines the Privacy Commissioner has issued, there are issues that are very relevant here, even if not a direct and immediate obligation under our legislation. But we’re very well placed, very well placed, indeed.”

The past 12 months has seen approximately 200,000 complaints lodged with the various regulators across Europe, Mr Williams informed.

“One of the more recent cases — and I suppose this is telling for Australia, because this is an obligation of ours — [showed that] you only keep data for as long as it’s necessary to keep that data. The Lithuanian regulator has issued a 61,000 euro fine for somebody who, amongst other things, kept data that should have been kept for 10 minutes, kept it for 216 days,” he said.

“So, if youre a legal counsel in Australia, its beholden upon you, both for Australian laws and GDPR compliance, to say, ‘Why is weve got this data? Why do we still have information from our customers who havent been a customer for the last five years?’

Advertisement
Advertisement

“Asking those questions as legal counsel in Australia, I think, is very, very important. And having your business assess that is very, very important. Because although its not a formal obligation, theres no set time period in Australia. It is still necessary for you to defend why it is that that data is being held. Because the longer its held, the more exposed it is, and if there is a breach then information that you shouldnt have had will be disclosed and that will be a problem.”

Another lesson, Mr Williams noted, is that the last year has highlighted how important it is to have systems in place that ensure data is satisfactorily protected.

“You need to have a system in place whereby you design how your information is presented, you are aware how long it is kept for, you do things positively so that you can tick the boxes so that if there is a breach, youre able to say, ‘Yep, we considered that. This is why we kept the information for that long, we considered that. Thats why we kept this particular software in place, in order to defeat infiltration by software. This is why, this is why, this is why’.

“And that will go a long way to protect you against the severity of the fines that can be issued. You might still be in breach because something has happened that had enabled the data to get out there. But the, whether or not youre prosecuted, or if you are, what sort of fine will apply is very much going to be affected by the positive, the direct and positive steps that you took.”

This email address is being protected from spambots. You need JavaScript enabled to view it. 

To listen to Jerome's full conversation with Tal Williams, click below:

Australian in-house lawyers ‘well placed’ one year on from GDPR
Intro image
lawyersweekly logo
Corporate Counsel

latest

4 in 5 industry experts say cyber security laws are insufficient

What’s putting your company’s reputation at risk?

Regulation seen as the ‘single largest risk’ that GCs face

PwC bolsters its NewLaw capabilities