Consultancy specialising in the General Data Protection Regulation (GDPR)
‘by Data’ is a Consultancy specialising in the General Data Protection Regulation (GDPR) to comply with legal and security requirements in the management and processing of personal data.
In Australia, since June 2018, the Office of the Australian Information Commissioner (OAIC) stablished through the Privacy Business Resource 21 the mandatory obligation for Australian businesses to apply the General Data Protection Regulation (EU) 2016/679 (GDPR) if they meet one of the following criteria:
– an Australian business with an office within the European Union.
– an Australian business whose website targets European Union residents (Marketing).
– an Australian business with users, customers or clients in the European Union citizens or European Union residents.
– an Australian business that tracks individuals (or analyses and predicts personal preferences, behaviours and attitudes) in the European Union.

Services

RISK ANALYSIS
RECORDS OF PROCESSING ACTIVITIES
PRIVACY IMPACT ASSESMENT

AUDITS
PRIVACY POLICY
SECURITY PROCEDURES

DATA PROTECTION OFFICER
EUROPEAN REPRESENTATIVE
CONSULTANT

Data Protection Officer (DPO)
The Data Protection Officer (DPO) must be designated by the Organisation (Australian businesses who applies GDPR) and be communicated to the concerned Supervisory Authority in any case where:
– The data processing is carried out by a Public Authority or Body, except for courts acting in their judicial capacity; or
– The core activities of the Australian business consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require Regular and Systematic monitoring of data subjects on a large scale; or
– The core activities of the Australian business consist of processing on a large scale of Special Categories of data or data relating to Criminal Convictions and Offences referred.
European Representative
Australian businesses, that carry out regular and systematic processing of personal data, must designate a European Representative regarding their respective obligations under this regulation when:
– Offering of goods or services (Direct Marketing), irrespective of whether a payment of the data subject is required, to European citizens or residents; or
– Monitoring of their behaviour as far as their behaviour takes place within the European Union.
