House debates

Tuesday, 29 May 2018

Statements by Members

European Union's General Data Protection Regulation

1:48 pm

Photo of Gai BrodtmannGai Brodtmann (Canberra, Australian Labor Party, Shadow Assistant Minister for Cyber Security and Defence) Share this | | Hansard source

Once again, the Turnbull government has let Australian small businesses down when it comes to cybersecurity and cybersafety. We saw it with WannaCry last year, when there was zero communication about what to do in the face of this possible crisis, and last week we saw it again with the General Data Protection Regulation. Thanks to zero communication from the Turnbull government, I'd say many Australian small business owners don't even know what the GDPR is, so they'll be alarmed—they'll be horrified—to know they could be fined up to A$30 million for not complying with it.

Last Friday, the EU introduced the GDPR. The GDPR aims to protect EU citizens from privacy and data breaches by requiring organisations to be more transparent. The GDPR means organisations now have to gain explicit consent to collect, use and store data, clearly disclose the purpose for retaining data, and report any data breaches within 72 hours. Australian businesses of any size may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU or if they monitor the behaviour of individuals in the EU through social media. Last Friday morning, I asked if Australian small businesses were ready for GDPR, given the absence of the awareness campaign by the Turnbull government. Thankfully, the government finally got around— (Time expired)