Almost everyone now accepts that if new data protection laws come, they will be based on GDPR. It is used by much of the world today. Not just in Europe, e.g. South Korea, the state of California in the USA, Israel and Argentina have it too.
As there is a significant push to get GDPR laws into Australia, this is both federal and state; it almost certainly will come. It only needs one state, and the cost is there for Australia. It will affect more than *big business* as many stated. Data protection is more than *big business*. Everybody is affected. Click here for a list of any convictions, fines and penalties for violations of GDPR. You will see private individuals, small businesses, and doctors fined for breaches there.
One point that does worry me is that some newspaper companies continue to send data unencrypted to many of my client's private information. I am not too fond of that and have told the newspaper companies about my concerns. It should be addressed ASAP. If someone should pay for it, I do not want it to be my client. The other issue is that many of my clients have private information on clients that is years old. In the same example above, what commercial reason is there for a newsagent to have delivery information on a customer in their computer system after they have given back to the publisher their deliveries?
Just to clean 1,000 accounts out of the system, assuming it takes 20 to 30 seconds, each is 5 to 8 hours of work. It's a full day probably; I bet it's much more.
My immediate concern is how much costs will SMBs will have to pay, as compliance with GDPR is not cheap. I know in the UK, when introduced, businesses complained of the high expense. When I did a net search in the UK. There I found that some small businesses are paying about $A87/month to cover themselves after having a GDPR audit check initially, then an hourly rate to fix the problems. I am not sure how much a GDPR audit costs there. We charge $500 for a GDPR audit to our clients requiring this, but I am confident there are much more costs in the UK. They would have to include training for staff, customer signing and more.
Much of the cost of monitoring GDPR in Australia is currently passed onto the customer, but I am not sure how this cost of compliance can be passed to Australian customers if GDPR comes here.
We are keeping a close watch on the situation.
Please let me know if you know the situation in a country for any of this under GDPR or similar laws. I like to hear from you.
