As the Notifiable Data Breaches (NDB) requirements roll in this week, now is a good time to think about GDPR and its implications for Australian businesses, according to Y Soft.
Europe's General Data Protection Regulation (GDPR) will come into effect in May 2018. It requires organisations to keep information that belongs to EU citizens safe from hackers and breaches. It imposes hefty fines for organisations that fail to comply.
According to Y Soft's Australian managing director Adam O'Neill, some businesses may believe that GDPR doesn't apply to them – at least on the surface.
“It would be a mistake for Australian businesses to behave as though these regulations are irrelevant, since keeping personal information safe goes beyond a simple compliance requirement. Businesses that can demonstrate that they take privacy seriously, regardless of whether they're legally obliged to, can build trust and loyalty with customers and stakeholders.”
He says that while the Australian NDB requirement generally applies to organisations covered under the Privacy Act, the GDPR requires all organisations that do business with any European entity to comply.
An Australian business that's not covered by the Australian regulations may still be subject to the European legislation, according to the Office of the Australian Information Commissioner.
According to Y Soft, Australian organisations need to think about all of the personally identifiable information belonging to all individuals present in their enterprise systems, even down to the company's print/copy/scan infrastructure.
The company adds that while there are official penalties for organisations that fail to notify affected individuals and authorities in the event of a breach, it could be harder to recover in other areas, including damage to reputation among customers, particularly if customers don't think they can trust a business with their personal information.
“Australian businesses looking to bolster their privacy credentials, and build stronger trust with customers and stakeholders, should review their print infrastructure systems immediately to ensure there are adequate protections in place for securing personal data and how that data is processed within their various print, scan or copying processes.”