The Notifiable Data Breach Scheme came into effect on 22nd February 2018. The NDB scheme requires organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In the notification process the organisation must also outline recommendations about steps individuals should take in response to the breach. As part of the obligation for organisations to report these data breaches, the Australian Information Commissioner must also be notified of the data breach. Epic IT will help you in preparing for the NDB Scheme by implementing additional security services to help mitigate data breach threats.
Epic IT has developed a cyber security solution that equips organisations with the tools they need to reduce the risk of eligible data breaches occurring. We make a wide range of cyber security services affordable by offering a selection of plans.
Every business should take the necessary precautions to protect its data from a breach. The NDB scheme requires the following entities to comply:
Not all small business operators (SBOs) are exempt from the NDB scheme. An SBO must comply with the NDB scheme if it either:
Organisations are required to notify the OAIC in addition to notifying the individuals affected by an ‘eligible data breach’. Failure to comply with the NDB scheme can attract fines of up to $2.1 million.
The GDPR is an EU law quite similar to the NDB Scheme; however, its scope extends globally. It covers any organisation that processes the personal data of EU residents.
From 25 May 2018, data breaches must be reported to the supervisory authority. Reports must be made within 72 hours of the organisation first becoming aware of a breach that has been deemed to be a “risk for the rights and freedoms of individuals”. In addition, data processors are required to report all personal data breaches to their controllers (their customers) within this period.
Organisations that fail to comply with the GDPR face hefty fines. An organisation may be fined up to 4% of its annual global turnover or €20 million, whichever is greater. This is the maximum fine that can be imposed for the most serious infringements. A tiered fine approach applies to lesser breaches of the GDPR. For example, a company can be fined 2% for not having its records in order, for not notifying the supervising authority and the data subject about a breach, or for not conducting an impact assessment.
NOTE: This information has been sourced from the EUGDPR.org website. For further information about the GDPR, please visit that website.