Protecting Privacy - Ensuring Your Organisation Is Ready For Regulation

Every week it seems there’s a new corporate security breach uncovered, and it seems like companies prefer to conceal the security breach and pay the ransom quickly – given that it’s often cheaper than the financial and reputational liabilities that come with disclosing a security issue.

Some companies operating in the Asia Pacific region may soon have to own-up if their customer data has been compromised, or face stiff penalties. In Australia, the Notifiable Data Breaches (NDB) amendment to the Privacy Act will force companies operating locally to report data breaches to the Office of the Australian Information Commissioner, as well as make the data loss known to the public. This legislation comes into effect on 22 February 2018.

The European Union’s General Data Production regulation (GDPR), effective in May 2018, is another game changing regulation. The GDPR will be the first global data protection law, as it applies to the organizations that control or process personal data of EU residents anywhere in the world. That means Asia Pacific businesses that process EU resident’s personal data will fall under the scope of the GDPR.

Both the Notifiable Data Breaches amendment and the GDPR lay out hefty penalties for non-compliance – organizations in breach of the GDPR could be liable for fines up to four per cent of annual global turnover or 20 million Euros (whichever is higher). Perhaps more importantly, there is the potential for reputational impact, which can often be harder to quantify.