Why ANZ organisations should care about GDPR and NDB

The Australian government’s mandatory notifiable data breach (NDB) scheme comes into effect on 22 February, requiring businesses affected by eligible data breaches to notify the relevant individuals and the Office of the Australian Information Commissioner as soon as possible. In Australia, this legislation mainly affects businesses that have to comply with the Privacy Act.

Meanwhile, in Europe, the General Data Protection Regulation (GDPR) also requires organisations to keep personal information safe from hackers and imposes significant fines on organisations that fail to comply. This legislation comes into effect in May this year.

Adam O’Neill, managing director, Australia, Y Soft, said, “On the surface it may seem that GDPR doesn’t apply to most Australian businesses. However, it would be a mistake for Australian businesses to behave as though these regulations are irrelevant, since keeping personal information safe goes beyond a simple compliance requirement. Businesses that can demonstrate that they take privacy seriously, regardless of whether they’re legally obliged to, can build trust and loyalty with customers and stakeholders.

“While the Australian regulation generally applies mainly to organisations covered under the Privacy Act, the GDPR requires all organisations that do business with any European entity to comply.”

That means an Australian business that’s not covered by the Australian regulations may still be subject to the European legislation, according to the Office of the Australian Information Commissioner.*

Australian organisations need to consider the personally identifiable information of individuals present in their enterprise systems, such as the company’s print/copy/scan infrastructure. They must also understand their responsibilities for keeping that information safe from unauthorised access.

The penalties for failing to notify affected individuals and the OAIC of a breach can include fines and civil penalties. However, it may be harder for organisations to recover from the reputational damage that can be done when customers decide they can’t trust a business to protect their personal information.

“Australian businesses looking to bolster their privacy credentials, and build stronger trust with customers and stakeholders, should review their print infrastructure systems immediately to ensure there are adequate protections in place for securing personal data and how that data is processed within their various print, scan or copying processes.”

*https://www.oaic.gov.au/resources/engage-with-us/consultations/australian-businesses-and-the-eu-general-data-protection-regulation/consultation-draft-australian-businesses-and-the-eu-general-data-protection-regulation.pdf