Can your organisation respond to and protect your customers' data privacy rights? Do you comply with the increasingly powerful privacy regulations in force locally and around the world, such as GDPR or Australia's own Notifiable Data Breach regulations? Are you able to support partners who are required to meet those regulations, or are you missing opportunities because you are not compliant? At Astrum we can help you design and implement a privacy assurance program, build a data breach response plan, manage your customers' privacy rights, support your business partners, and comply with the new regulations.
Notifiable Data Breach (NDB)
The NDB scheme in Part IIIC of the Privacy Act 1988 (Cth) requires organisations to notify affected individuals and the Commissioner of eligible data breaches.
All organisations should have a data breach response plan which enables an organisation to respond quickly to a data breach.
Organisations subject to the NDB scheme are required to conduct an assessment of ‘suspected’ eligible data breaches and take reasonable steps to complete this assessment within 30 days.
Source: Data breach preparation and response — A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth), the Office of the Australian Information Commissioner, February 2018
GDPR Notification of a personal data breach
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, those individuals must be informed without undue delay.
Source: Regulation (EU) 2016/679 (General Data Protection Regulation), Chapter 4 (Art. 33)