In this edition of Gilbert + Tobin's Corporate Advisory Update, we focus in on key legal developments over the last month which are particularly relevant to in-house counsel. In this update we discuss:
- The EU’s General Data Protection Regulation
- Reform of the Australian data landscape
- ASX : Culture shock – the ASX gets serious about governance
The European Union’s General Data Protection Regulation (GDPR) – the most significant overhaul of Europe’s data protection laws in recent memory – came into force on 25 May 2018. From that date, any organisation to which the GDPR applies will need to ensure that all of its relevant data processing practices (including those ongoing under pre-existing arrangements) are compliant with its provisions.
Of particular interest is its extremely broad extra-territorial reach, which may catch within its net the data handling practices of many Australian organisations (small and large, private and public sector). A failure to comply with the GDPR can result in fines of up to €20 million (c. AUD 31.8 million) or 4% of the organisation’s global annual turnover (whichever is the greater).
A recent report by G+T’s Technology + Digital team outlines the GDPR and the implications for Australian organisations.
Meanwhile, the Australian Government has also announced a range of measures set to transform the data landscape in Australia.
The reform measures are largely consistent with the recommendations of the Productivity Commission’s inquiry into Data Availability and Use. The reforms are designed to increase trust and confidence in the way the Government manages and uses data, while at the same time unlocking the potential benefits of both government and private data for Australian citizens and industries.
A recent alert by G+T’s Technology + Digital team outlines the 3 key reforms, including:
- the introduction of a new consumer data right to allow consumers better access to their data, and the ability to direct a business to transfer that data to data recipients;
- the establishment of a new National Data Commissioner to oversee and monitor the integrity of Australia’s data system; and
- the introduction of a new Data Sharing and Release Act to facilitate the sharing and release of data in Australia.
The ASX Corporate Governance Council is consulting the public in relation to a proposed fourth edition of the ASX Corporate Governance Principles and Recommendations. The review comes with the current tide of public scrutiny of governance standards, prompting listed entities, companies and regulators alike to meaningfully reflect on what appropriate governance frameworks should look like.
The changes can be summarised as:
- recommendations that encourage listed entities to focus on the organisation’s culture of “acting lawfully, ethically and in a socially responsible manner”;
- recommendations that would require additional action not currently required by the Principles and Recommendations; and
- recommendations directed at improving corporate governance practices.
The recommendations place accountability squarely at the feet of directors. Boards must effectively monitor corporate governance, and take action where required. The new order of corporate governance aims to “set the tone from the top”.
The ASX will be conducting a national road show in June 2018 to publicise the review and consultation (as well as foreshadow some important Listing Rule changes due out for consultation later this year). See ASX Compliance Update for further details of the road show.
Submissions close on 27 July 2018, with a view to the revised fourth edition being effective for listed entities’ first full financial year commencing on, or after, 1 July 2019.
A recent report by G+T Corporate Advisory team provides a detailed analysis of the changes, which is arranged by the relevant principle and sets out the changes to the recommendations thematically.