contact our team Search Search
why mk
find out more
corporate social responsibility
find out more
macpherson kelley foundation
find out more
why choose mk?
find out more
are you a graduate?
find out more
work with us
view vacancies
brisbane

one eagle – waterfront brisbane
level 30, 1 eagle street
brisbane qld 4000
+61 7 3235 0400
get directions find a lawyer
dandenong

40-42 scott st,
dandenong vic 3175
+61 3 9794 2600
get directions find a lawyer
melbourne

level 7, 600 bourke st,
melbourne vic 3000
+61 3 8615 9900
get directions find a lawyer
sydney

grosvenor place
level 11, 225 george st,
sydney nsw 2000
+61 2 8298 9533
get directions find a lawyer
adelaide

naylor house
3/191 pulteney st,
adelaide sa 5000
+61 8 8451 6900
get directions find a lawyer

hello. we’re glad you’re
getting in touch.

Fill in form below, or simply call us on 1800 888 966

Home > News & Insights > EU Privacy Changes and its impact on Australian business

EU Privacy Changes and its impact on Australian business

17 May 2018
marcus hannah
Read Time 2 mins reading time
Kelly Dickson principal lawyer, commercial
Mark Metzeling principal lawyer, commercial

The regulatory landscape governing data privacy and protection across the world is set for a landmark change with the European Union’s General Data Protection Regulation (‘GDPR‘) coming into effect on 25 May 2018.

The GDPR will replace the data privacy standards currently in place in the European Union (‘EU‘) and aims to harmonise data protection laws across the EU, modernising standards to reflect the use of new technology and the growing practice of the creation and processing of personal data on the internet.

The GDPR will have application beyond the EU and will apply to all companies, regardless of location and size, that:

  • offer goods or services in the EU;
  • monitor the behaviour of residents of the EU; or
  • or process or hold the personal data of individuals based in the EU.

Personal data is defined broadly and will include any information that can be used to directly or indirectly identify an individual. This may include an individual’s name, email address, medical information or even a computer IP address.

Australian companies that fall within the reach of the GDPR will need to ensure they are adequately prepared. Compliance with the GDPR will require companies to adopt transparent data handling practices and meet certain standards when handling personal data. This will include obligations regarding the type of personal information that can be gathered, how personal information needs to be stored and protected and what organisations must do in the case of a data breach.

Unlike previous data protection laws, the GDPR also introduces direct liability for data processors, such as service providers who provide cloud based services.

The GDPR introduces unprecedented penalties for non-compliance. Fines can be up to €20 million or 4% of annual group turnover (whichever is greater) for serious infringements.

In the lead-up to the commencement of the GDPR, businesses should investigate whether they will be required to comply with the GDPR, and if so, take action immediately to ensure they are compliant by 25 May 2018.

If you have any queries regarding your company’s compliance with the GDPR, please contact us.

This article was written by Marcus Hannah, Senior Associate – Commercial. 

The information contained in this article is general in nature and cannot be relied on as legal advice nor does it create an engagement. Please contact one of our lawyers listed above for advice about your specific situation.

Kelly Dickson principal lawyer, commercial
Mark Metzeling principal lawyer, commercial

more
insights
27 August 2025

Trump’s tariffs cause trade pain for Australian & SE Asian businesses

read more
26 June 2025

How neurotechnology could transform privacy law and the world around you

read more
20 June 2025

Washed up: ASIC and ACCC set sights on unsupported AI claims

read more

stay up to date with our news & insights

EU Privacy Changes and its impact on Australian business

17 May 2018
marcus hannah

The regulatory landscape governing data privacy and protection across the world is set for a landmark change with the European Union’s General Data Protection Regulation (‘GDPR‘) coming into effect on 25 May 2018.

The GDPR will replace the data privacy standards currently in place in the European Union (‘EU‘) and aims to harmonise data protection laws across the EU, modernising standards to reflect the use of new technology and the growing practice of the creation and processing of personal data on the internet.

The GDPR will have application beyond the EU and will apply to all companies, regardless of location and size, that:

  • offer goods or services in the EU;
  • monitor the behaviour of residents of the EU; or
  • or process or hold the personal data of individuals based in the EU.

Personal data is defined broadly and will include any information that can be used to directly or indirectly identify an individual. This may include an individual’s name, email address, medical information or even a computer IP address.

Australian companies that fall within the reach of the GDPR will need to ensure they are adequately prepared. Compliance with the GDPR will require companies to adopt transparent data handling practices and meet certain standards when handling personal data. This will include obligations regarding the type of personal information that can be gathered, how personal information needs to be stored and protected and what organisations must do in the case of a data breach.

Unlike previous data protection laws, the GDPR also introduces direct liability for data processors, such as service providers who provide cloud based services.

The GDPR introduces unprecedented penalties for non-compliance. Fines can be up to €20 million or 4% of annual group turnover (whichever is greater) for serious infringements.

In the lead-up to the commencement of the GDPR, businesses should investigate whether they will be required to comply with the GDPR, and if so, take action immediately to ensure they are compliant by 25 May 2018.

If you have any queries regarding your company’s compliance with the GDPR, please contact us.

This article was written by Marcus Hannah, Senior Associate – Commercial.