Just last month a watershed moment for Australian businesses and consumers came to pass – the activation of the Notifiable Data Breach Scheme. Some might call it D-Day for business, with ‘D’ standing for ‘Disclosure’ in this case.
As significant as this is, it’s not the only data legislation that will affect Australian businesses for the first time this year. On May 25, Europe’s far-reaching General Data Protection Regulation (GDPR) takes effect.
In both cases – the Australian Notifiable Data Breach Scheme and the GDPR – there are harsh penalties for businesses that fail to take the necessary steps to protect consumers’ data or to notify the authorities if they do have a breach.
Australian businesses, including small and medium-sized businesses, need to be on top of their GDPR obligations if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
The Australian Notifiable Data Breach (NDB) scheme calls on businesses to disclose to both affected customers and the authorities if they have a data breach “likely to result in serious harm” to those whose data is involved. Non-compliant businesses could be hit with fines of up to $1.8 million and untold reputational damage. Many organisations are not aware that they are affected.
Data protection as best practice – new laws or not
While Microsoft believes that there is an urgent need for governments across the world to take steps to try to coordinate their legislation so that there are fewer conflicting obligations for businesses – after all, data knows no borders – we also think this is an ideal time for businesses large and small to seriously consider their data strategies. And not just because of these new regulations coming into force.
Data is the new currency of the digital economy and should be treated as such. Regardless of the law, there are genuine and growing threats to data security and it’s in any business’s interest to ensure customer data and IP are protected like the assets that they are.
Rather than an overhead, a data asset strategy can be a proactive step towards creating a culture of data security that customers and regulators demand in the modern information age and that business competitiveness depends on. From large corporations to SMBs, 2018 should be a year when business leaders truly take ownership of their data.
As with other asset strategies, like those managing property, a data asset strategy should address how an organisation plans on acquiring, using and disposing of data in a legally compliant way. The good news is that Microsoft knows that technology plays a key part in helping businesses meet any of their evolving needs and in taking away some of the burden. Microsoft has and continues to invest in additional features and functionality to help organisations meet their compliance goals.
As part of Microsoft 365, this includes tools that help with the four key steps that can put you on a path to GDPR and NDB compliance: discovery, management, protection and reporting. These steps mean discovering if you are subject to the GDPR or NDB and what data is affected; managing personal data to help keep it secure and private; incorporating privacy-by-design and privacy-by-default methodologies, which make it easier to be compliant from the start; and ensuring reporting is up to standard when required with data reporting tools.
A recent study shows 44 per cent of Australian businesses – including larger companies with legal, risk and compliance staff – were not fully prepared for the implementation of the NDB scheme. Taking proactive steps to look at your data as an asset, not an overhead, will make it more manageable to avoid becoming another statistic.