Client Support

Remote Support

Windows Windows Apple Apple Google Play Store Google Play Store Apple App Store Apple App Store
Already a client, or need further help? Contact Epic IT support.
08 9228 2945
Data Breach Security

More about the NDB Scheme

Our Solutions / Cyber Security services

What is the NDB Scheme?

The Notifiable Data Breach Scheme came into effect on 22nd February 2018. The NDB scheme requires organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In the notification process the organisation must also outline recommendations about steps individuals should take in response to the breach. As part of the obligation for organisations to report these data breaches, the Australian Information Commissioner must also be notified of the data breach. Epic IT will help you in preparing for the NDB Scheme by implementing additional security services to help mitigate data breach threats.

Managed cyber security solutions.

Epic IT have developed a cyber security solution that equips organisations with the necessary tools to reduce the risk of eligible breaches occurring. We make it very affordable to receive a great range of cyber security by offering a great selection of plans.

lets discuss your cyber security needs

Who needs to comply with the NDB Scheme?

Every business should take necessary precautions to protect their data from a breach situation. The NDB scheme strictly requires for following entities to comply:

  • Any government agency, not for profit organisation or business with an annual turn over for 3 million dollar or more
  • Credit reporting bodies
  • Health service providers
  • Entities that trade in personal information
  • Tax File recipients

Are all SBO exempt?

Not all small business operators (SBO) are exempt from NDB. A SBO must comply with NDB that either:

  • Holds health information and provides a health service
  • Is related to an APP entity
  • Trades in personal information.
  • Is a credit reporting bodies
  • Is an employee associations registered under the Fair Work (Registered Organisations) Act 2009
  • Has ‘opted-in’ to APP coverage under s 6EA of the Privacy Act.

What happens if you don’t comply with NDB Scheme?

Organisations are required to notify the OAIC in addition to notifying individuals affected by an ‘eligible data breach’. Failures to comply with the NDB scheme can attract fines up to $2.1 million.

NOTE: Information have been sourced from the Office of Australian Information Commissioner (OAIC) website. Please visit their website for further information about the NDB Scheme.

What is GDPR and how does it differ from NDB?

GDPR is an EU law quite similar to the NDB Scheme however its scope extends globally. Coverage includes any organisation that processes EU resident’s personal data.

From 25 May 2018, data breaches need to be reported to the supervisory authority. Reports must be done within 72 hours of first having become aware of the breach that has been deemed to be a “risk for the rights and freedoms of individuals”. In addition, data processors are required to report all personal data breaches to their controllers (their customers) within this period.

Organisations in breach that fail to comply with the GDPR do face hefty fines. Organisations may be fined up to 4% of their annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements. A tiered fine approach exists for lesser breaches of GDPR. For example, a company can be fined 2% for not having their records in order. Or may be fined for not notifying the supervising authority and data subject about a breach. Companies may also be fined for not conducting impact assessment.

NOTE: Information have been sourced from the EUGDPR.org website. For further information about the GDPR, please visit the website

want to see how we can help?

Like to learn more about our services?

Please let us know what you are chasing and we will respond same day.