Data Privacy

Can your organisation respond to and protect your customers data privacy rights? Do you comply with the powerful new GDPR and Notifiable Data Breach privacy regulations in force locally and around the world? Are you able to support partners who are required to meet those regulations, or are you missing opportunities because you are not compliant? At Astrum we can help you design and implement a data breach response plan and manage your customers privacy rights, support your business partners and comply with the new regulations

Notifiable Data Breach (NDB)


The NDB scheme in Part IIIC of the Privacy Act 1988 (Cth) requires organisations to notify affected individuals and the Commissioner of eligible data breaches.


All organisations should have a data breach response plan which enables an organisation to respond quickly to a data breach.


Organisations subject to the NDB scheme are required to conduct an assessment of ‘suspected’ eligible data breaches and take reasonable steps to complete this assessment within 30 days.


Source: Data breach preparation and response — A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth), the Office of the Australian Information Commissioner, February 2018


GDPR Notification of a personal data breach


The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms those individuals must be informed without undue delay.

Source: Regulation (EU) 2016/679 (General Data Protection Regulation), Chapter 4 (Art. 33)