Privacy regulation and the safe and effective handling of data is a risk area of increasing significance for business owners. There are significant financial and reputational implications for potential breaches. Failure to comply with the Privacy Act 1988 (Cth) (Privacy Act) can attract penalties of up to $2.1 million, with the Australian government planning to increase this penalty to $10 million for serious breaches.
For those businesses that are required to comply with the European Union’s General Data Protection Regulation (GDPR), non-compliance has the potential to attract maximum penalties of $20 million euro or 4% of annual global turnover (whichever is greater). With such steep penalties and the risk of reputational damage, it’s little wonder many companies are ramping up their privacy compliance measures.
January 28 is Data Privacy Day
To mark the occasion, we’ve compiled below a simple checklist of data protection measures to kickstart, or review, your business’ privacy management program. Operationalising privacy compliance is a complex process requiring a comprehensive approach. Why not use this week as an opportunity to map out what’s needed in your business , and commit to taking small steps towards ongoing compliance throughout the year?
According to statistics compiled by Australia’s federal privacy regulator, the Office of the Australian Information Commissioner (OAIC), as many as one in three data breaches are caused by ‘human error’, including as staff not following standard procedures (or worse, procedures not even being in place). It’s important that businesses promote an organisational culture that respects privacy, one which recognises the importance of data protection and privacy compliance across all of the company’s systems and processes.
Here are 5 key steps to support your privacy compliance, that your business can start actioning today:
- Conduct a Risk Assessment: conduct a thorough Privacy Audit, including data mapping, to understand what personal data the business holds and how it is managed.
- Confirm Back-end compliance documentation: develop or review your policies and procedures to support privacy compliance, including your Data Breach Response Plan and privacy policies.
- Implement customer facing communicationsensure you use appropriate privacy notifications and incorporate privacy design into your website development and online forms.
- Take a holistic approach:secure buy-in from key stakeholders across the business to ensure privacy risks are identified and addressed in a cohesive way.
- Promote an organisational culture that respects privacy: embed privacy compliance into all of your data handling. Building data protection into staff training, and the design of personal data handling systems and processes, helps to combat the risks associated with human error in the data handling chain.
To help you work through this checklist, you’ll want to take note of the following:
Programmes and training
Ensuring that there is open communication and a cohesive approach to data protection across the business will help to ensure all privacy risks are identified and addressed.
Company-wide policies
Many businesses make the mistake of assuming their data is safe because they have robust cyber-security or a diligent legal department. While these are certainly important for data protection, every staff member in every department has a role to play in ensuring that your customer and other data is safeguarded.
Cross-departmental buy-in and expert advice
Recognise that privacy compliance has impacts and responsibilities across all of the limbs of the business (IT, marketing, sales, legal, HR etc.) and every business unit has a role to play.
Privacy compliance must be more than a box ticking exercise. If data protection is not truly embedded in your business’ culture an across its operations the risk of human error increases exponentially. Documentation, including policies and procedures, is important but operationalising privacy compliance across the business is what is really needed to address risk.
As this can be a complex process, it can be very useful to have specialist privacy compliance advice from a trusted thought partner, one that dives deep to understand all of the areas of your businesses and its functions.
Got questions? Book a complimentary 30-minute strategy session with a PBLawyer today. Call 1300 774 788 or email service@peripheralblue.com.au.
Products & Services
1300 774 788
service@peripheralblue.com.au
Suite 17, 116-120 Melbourne St, Nth Adelaide, SA 5006
© 2023 Peripheral Blue | All Rights Reserved | ABN 61855198272 Privacy Policy | Terms & Conditions
Products & Services
1300 774 788
service@peripheralblue.com.au
Suite 17, 116-120 Melbourne St, Nth Adelaide, SA 5006
© 2023 Peripheral Blue | All Rights Reserved
ABN 61855198272