The Australian Privacy Principles (APPs) share commonalities with the EU General Data Protection Regulation (GDPR), but there are also crucial differences. Website and business owners need to understand these differences to serve their customers properly. So, let’s dive in.
This is the age of technology and legalities. Rights are taken very seriously, and the infringement of a person’s rights is entirely unacceptable. As a business or company, you have to be 100% sure that you are protecting your clients, and are protected by your Terms and Conditions (Ts & Cs) and Cookie Policy, etc.
To ensure that nothing is accidentally overlooked, you may need a professional privacy policy that abides by GDPR and Australian Privacy Principles (particularly if you’re in the EU or Australia). However, before you start engaging a business to help you with your GDPR sample policy or your Australian privacy policy, you may want to understand the difference between the two policies and how they came into effect.
The Privacy Act 1988 was created to protect and promote citizens’ privacy and control how Australian Government organisations deal with personal information. The Privacy Act includes 13 Australian Privacy Principles (APPs).
These apply to most Australian Government agencies and some private sector institutions, and were implemented to regulate how companies with an annual turnover of more than $3 million handle sensitive personal data. These establishments are collectively classified as ‘APP entities’.
GDPR stands for General Data Protection Regulation. This European Union (EU) legislation came into effect on May 25, 2018. It consolidates and expands the EU’s existing data protection framework. The GDPR replaces the 1995 Data Protection Directive with a new set of rules intended to give EU citizens greater control over their private information.
There are subtle differences between “personal data” and “personal information.”
The Australian Privacy Principles refer to “Personal Information,” whereas the GDPR refers to “Personal Data.”
As time has passed, new consumer rights have come into effect. The GDPR reflects more of these rights than the Australian Privacy Principles do, namely:
In a sense, the GDPR is a more modern framework than the APPs.
There are certain circumstances where this right allows a person to request that a business delete their data. This can inform how you generate a privacy policy for your website, and the following are qualifying situations.
The “right to erasure” is an expanded version of the “right to be forgotten.”
Did you know that your client has the right to refuse the processing of their personal data at any time? Here, the Australian Privacy Principles are one step ahead of the GDPR. The GDPR requires the client to request the deletion of their personal data, but the APPs go a step further and state that:
A good tip is to store all personal information in an easy-to-extract format and set up automatic alerts where clients can inform you if they intend to withdraw their consent.
Your client has the right to request that a data processor hold their personal information in a commonly used, structured and machine-readable format. Your client also has the right to transmit their personal data to any other business or institution without hindrance from the company to which they initially provided their data.
The Australian Privacy Principles require an individual to consent, whether expressly or implicitly, to the collection of their personal data. The GDPR does not distinguish between implied and express consent.
It states, however, that a data processor must be able to provide proof that a person has given consent for the collection of their personal data. If you decide to obtain your client’s approval via a written document, you must do so using precise, easy-to-understand terminology.
The two significant differences are:
A good tip to ensure compliance with GDPR requirements is to get the client to simply click a “tick to accept” box alongside the statement:
“I consent to the collection of my personal data under this Privacy Policy.”
Although the APP rules do not make it essential in Australia, that “tick to accept” box is imperative if you want to ensure GDPR compliance.
Regarding data breach notifications, Australian Privacy Principles have recently implemented new rules, which fall under the Notifiable Data Breaches Scheme. Under the new scheme, APP entities are required to inform the Australian Information Commissioner of all eligible data breaches.
Any breach likely to result in grievous harm to the person to whom the information relates is regarded as an eligible breach.
If a breach is likely to put the rights and freedom of individuals in jeopardy, the business must notify:
A data breach is a severe matter and can have serious repercussions. A good tip is to put stringent security measures in place to prevent data breaches.
Also, prepare a “Data Breach Plan” like a fire-drill plan so that your business is ready to spring into action if a breach occurs.
That way, you can contain the problem and limit the damage and far-reaching effects of the breach.
Here is a summary listing only the critical differences between the APPs and the GDPR Policies.
There’s a lot more to business than just launching a website. There are compliance issues to consider, and you may need to create cookie policies, privacy policies, disclaimer policies, and more for your website.
As a business owner, you should consider whether you must comply with the Australian Privacy Principles and the GDPR, and take these laws into account to avoid legal repercussions.