General Data Protection Regulation commences 25 May

25 May 2018
Tags: news

The European Union (EU) General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The GDPR will harmonise data privacy laws across Europe, and replace existing national data protection rules.

Australian businesses may need to comply with the GDPR if they have an establishment in the EU, offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.

Similar to regulatory developments in Australia, including the Notifiable Data Breaches (NDB) scheme and the upcoming Australian Government Agencies Privacy Code, the GDPR requirements are concentrated on enhancing business’ accountability and transparency in the handling of personal information.

The Privacy Act 1988 (Privacy Act) contains a number of similar obligations to the GDPR, including those to:

  • ensure compliance with a set of privacy principles
  • implement a privacy by design approach to compliance
  • adopt transparent information handling practices.

Businesses should also ensure that they are familiar with the differences between the requirements of the GDPR and the Privacy Act, and seek legal advice where necessary.

The OAIC has guidance to assist Australian businesses to understand the requirements of the GDPR and how they can comply with Australian and EU privacy laws, which you can read here: Australian businesses and the EU General Data Protection Regulation.

We have also produced a short FAQ on whether the GDPR applies to Australian Government agencies, which you can read here: Does the EU GDPR apply to Australian Government agencies?

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at