Are you aware that in three weeks’ time (25th May, 2018), the European Union’s General Data Protection Regulation (GDPR) will come into play? The new legislation is designed to improve the protection of personal data for EU citizens by enforcing new regulations on how data is collected, processed and particularly how organisations obtain consent over the use of data. Heavy fines apply if any EU personal data is breached.
With a continued rise in the frequency and severity of unprecedented cyberattacks facing Australian organisations, coupled with a close relationship with the EU (Australia exported over $30 billion worth of goods and services to the EU in 2016), and significant fines associated with increased legislation. It is paramount that Australian Businesses understand the new regulations and how they can impact their business.
Who must comply with GDPR?
The Office of the Australian Information Commissioner (OAIC) has put together significant resources on adherence and compliance which should be read.
The OAIC highlight that GDPR applies to any Australian business;
- – with an office in the EU,
- – whose website targets EU customers or enables payment in Euros,
- – whose website mentions customers or users in the EU,
- – businesses that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals.
Who should comply with GDPR?
Aside from those who must comply, one question Australian businesses should be asking is;
- – Is it time for all Australians organisations to implement a higher privacy protection for their customers/clients?
- – Will compliance give those complying a competitive advantage?
- – Should Australians be afforded the same protections as EU citizens?
If you answered yes to any of the above questions, then regardless of your legal obligation to implement GDPR, It is in the best interest of business and the Australian public to make a move towards stricter personal data protection, in particular to protecting against cybersecurity breaches.
What happens if my EU Data is Breached?
“A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment” (Wikipedia)
Australian organisations are already required by law to report any data breach to the Australian Cybersecurity Council. Further to this, you will need to report any breach to the EU regulatory body within a 72-hour breach notification window or face fines up to 4% of your global revenue or up to 20 Million Euros whichever is greater! If breached, the EU has the right to audit your records, and if deemed ‘not in order” due to a lack of consent or the way an organisation has chosen to process or store the information, steeper fines could be applied.
How do I work towards compliance of GDPR?
Manage and minimise your risk by conducting a series of assessments;
- – Review your legal obligation and read the OAIC detailed reports,
- – Complete a Risk Assessment including an employee risk evaluation. (Contrary to belief, data breaches are a people centric problem),
- – Complete a Data Management Review to understand where your data is held and who is responsible for its protection.
Most importantly, you need to have an IT security Audit completed to ensure you network infrastructure is protecting your organisation. Undertaking a detailed security assessment is a crucial step in understanding the vulnerabilities of your entire IT Infrastructure ecosystem. NetWireless consultants are specialists in auditing wired and wireless networks and can visit on site to:
- – Assess the health of your network (Access Points, Routers, Switches and Controllers),
- – Notify you of any manufacturer updates, patches and/or requirements
- – Assess the WLAN/LAN and guest set up, licences and certificates
- – Traffic Assessment on the network and guest networks to outline improvements in flow.
- – Network Access Controls (NAC) criteria
- – Firewall policies, patches and latest codes
If you feel it is time for a security audit, Contact NetWireless Today.
NetWireless is a multi-disciplinary IT network and management company specialising in wired and wireless design, deployment, security and managed services. Speak to our technical consultants today (CALL 1300 324 844) to ensure your network infrastructure needs are met.