There have been significant changes in privacy and data protection laws.
General Data Protection Regulation
From 25 May 2018, the General Data Protection Regulation (GDPR) regulates the processing of personal information under European Union (EU) law. The GDPR aims to protect the information relating to individuals in the EU and harmonise data protection laws across EU Member States.
Our collection, use, disclosure and processing of your personal information is regulated by the GDPR if:
- you interact with our Westpac UK branch;
- we offer products or services to you whilst you are located in the EU; or
- we monitor your behaviour whilst you are located in the EU.
Some of the key aspects of the GDPR include:
- individuals have various rights with respect to their personal information processed by organisations, for example, they can ask for the return of their personal information which they have given in a structured and electronic (machine-readable) form;
- that it can apply to organisations established both in the EU or outside of the EU; and
- organisations in breach of GDPR can be fined up to maximum of 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements.
For further information on how we manage your personal information under the GDPR, please refer to the Westpac group’s EU Data Protection Policy which is available at westpac.com.au/privacy/eu-data-protection-policy
Mandatory Data Breach Notification
The Federal Government has incorporated a new Notifiable Data Breaches (NDB) scheme into the Australian Privacy Act. The scheme came into effect on 22 February 2018.
The NDB scheme requires organisations and agencies with obligations under the Privacy Act to notify the Office of the Australian Information Commissioner (OAIC) and impacted individuals about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the information relates.
If we believe there has been an eligible data breach that impacts your personal information, we will notify you as soon as possible and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.