In Australia, the Privacy Act 1988 (Privacy Act) sets the obligations for handling personal information about individuals.
General Data Protection Regulations (GDPR) across the European Union are very specific in their protection of the privacy of EU residents and those with an IP address located in the EU, whilst the California Consumer Privacy Act (CCPA) also gives individuals more control over the personal information collected by businesses.
Though your business operates from Australia, if you are:
- conducting business online
- open to accepting business or subscribers from other countries
- collecting data of any kind online from customers or visitors that may be located in the EU
then GDPR laws apply to you. I’ve got a quick and useful checklist you can download to check your compliance with GDPR requirements.
There are sizable fines for breaching Privacy Acts, so complying is essential.
Privacy Policies don’t have to be complicated. How will you implement your policy in your business procedures if it’s too difficult for you to understand?
There are some essential factors that you should understand, including:
- what personal information includes,
- how you collect that personal information and
- what you do with it, including storage.
Avoid legalese, and don’t overcomplicate it. Yes, you have a variety of obligations to consider for privacy, but complicating it will make it harder to follow.
Not understanding what procedures need to support the policy
For example, “We take your credit card details and store them in our filing cabinet in the office” doesn’t sound professional or secure when written down. (If this is your current practice, please improve it immediately.)
Small businesses are likely collecting and storing information in a variety of places, including:
- Through websites
- Through social media
- Stored in their CRM
- Stored in their phone
- Stored in paper files
- Collected and stored in their email
Not considering the privacy of everyone interacting with the business
- clients & customers
- potential clients
Do you have client lists up in an office that others can see?
Do you store client details in a filing cabinet or on your desktop?
Are you providing customer details to a third party, etc.?
Businesses change and grow over time. You’ve almost certainly changed how you use and manage personal information if you’ve been in business for a year or two.
Don’t forget, laws change over time too. Put a time in your calendar to review your policy, update it as needed, or get practical legal advice to make it effective for your small business.