Privacy is no longer an issue that can be ignored. It has become a key topic at the executive level and will become more important as the date for the GDPR directive approaches. From February 22, 2018 the Notifiable Data Breach Scheme, an amendment to the Australian Privacy Act, came into force in Australia.

In addition to the NDB, the European GDPR will come into force on May 25, 2018.

The Australian Privacy Act has undergone many changes since its inception, the latest being the introduction of the Notifiable Data Breach Scheme, also known as NDB. The NDB scheme sets out obligations for notifying affected individuals, and the Australian Information Commissioner (AIOC), about data breach, that could result in harm to an individual.  It aims to strengthen protections to personal information by providing individuals the opportunity to take steps to protect personal information. The Australian Privacy Act, and by extension the NDB, will affect Australian businesses that have an annual turn over of more than $3 million. To find out if you are covered by the Australian Privacy ACT, view the Privacy Act here.

While Australian business may feel they are not affected by the GDPR, because the business is not physically located in the EU, The GDOR will affect any business that collects, stores, processes or employs an EU citizen. If your website sells online products, has a newsletter sign up form, or markets to the EU then you will need to comply.

What is the GDPR

The GDPR is an EU privacy regulation that will affect businesses around the world when it becomes enforceable on May 25, 2018. It regulates how any organisation that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, process, share, use or store personal data of EU citizens you will need to comply with the GDPR.

Read more on our blog here

If you are not sure about your specific privacy requirements relating to your online data collection or processing, we now offer an assessment that will provide the following information:

  • Website analysis to determine all data collection points. For example, shopping carts, Newsletter signups, storage of personal information.
  • Analyse what information is collected and what identifies as "Personal Information"
  • Provide an Information Audit. This will include what data is collected, how the data is stored and who is responsible for the data should a breach occur.
  • Outline your responsibilities as a data controller. Responsibility can be shared, for instance the controller (the entity who collects the data and decides how it is processed), and the processor (the entity that processes the data). Generally the business itself is the controller of the data, however, should that data be processed by a third-party, for instance a newsletter mail-out service, then they as the processor also hold responsibility. It is important to note however, you as the controller are responsible to ensure compliance of the third-party.
  • Make recommendations for data collection processes, i.e., improve readability of privacy polices, recommend safeguards.
  • Conduct a Data Impact Assessment and/or Risk Assessment
  • Provide a Data Management Plan

Our services are tailored for each business individually. The cost of an assessment will depend primarily on your online activities.. To request an assessment of your website please fill out the form below or contact us on (08) 6363 5023.

Please type your full name.
Invalid email address.
Invalid Input
Invalid Input
Invalid Input
Do you agree to the privacy?
Invalid Input

 

Latest News