Notification of Data Breach / General Data Protection Regulation

Data Protection affects us all – whether we hold personal data, or it’s our personal data being held – and 2018 is bringing with it some new government legislation to improve protection for individuals whose data is held by organisations:

  • 22 February 2018 – the Australian Government’s Notifiable Data Breach (NDB) commences
  • 25 May 2018 – the European Union’s General Data Protection Regulation (GDPR) comes into effect

The NDB – or Privacy Amendment (Notifiable Data Breaches) Act 2017 – delivers extra public/consumer protection by requiring organisations covered by existing Privacy Act 1988 regulations to notify individuals concerned, and the Australian Information Commissioner, if there is likely to be a risk of serious harm resulting from a data breach.

Notifiable Data Breaches include, but are not limited to:

  • Loss or theft of a device containing clients’ personal information
  • Hacking of a database containing personal information
  • Erroneous provision of personal information to the wrong person

NDB regulations improve the protection of personal information, provide transparency in how organisations deal with data breaches and build public confidence in how personal information is handled, stored and protected. In the event of a breach, notified individuals can take immediate steps to negate, or at least limit, damage resulting from compromised data.

GDPR, described by the EU as “the most important change in data privacy regulation in 20 years” is designed to “protect all EU citizens from privacy and data breaches in an increasingly data-driven world”.

How does that affect us here in Australia? Quite simply, the regulations apply to EU organisations processing data – regardless of whether that data is processed inside the EU or not. Australian organisations, either independent or subsidiaries of EU organisations, can be called upon to provide information to their client or parent to satisfy GDPR requirements. Further, “Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU”.

Knowledge and understanding of GDPR is essential for any Australian organisation dealing with the EU. GDPR’s Breach Notification rules, for example, require notification, within 72 hours of discovery, of any breach likely to “result in a risk for the rights and freedoms of individuals”.

Further Information on NDB and GDPR is available at these websites:

The IT Agency can provide information, help and guidance to any organisation looking to find out how the new regulations will affect them. Keep up-to-date with changing regulations and remain Connected, Protected and Productive – by talking to the experts here at The IT Agency.