Data Breach Security

More about the NDB Scheme


What is the NDB Scheme?

The Notifiable Data Breach Scheme came into effect on 22nd February 2018. The NDB scheme requires organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In the notification process the organisation must also outline recommendations about steps individuals should take in response to the breach. As part of the obligation for organisations to report these data breaches, the Australian Information Commissioner must also be notified of the data breach. Epic IT will help you in preparing for the NDB Scheme by implementing additional security services to help mitigate data breach threats.

Seen our data breach solutions?

Epic IT have developed data security solutions equipping organisations with the necessary tools to reduce the risk of eligible breaches occurring. We make it very affordable to deploy even a basic cover by offering a good selection of plans. Some plans are better suited to different industries and contain varying levels of security features.

Who needs to comply with the NDB Scheme?

Every business should take the necessary precautions to protect its data from a breach. The NDB scheme strictly requires the following entities to comply:

  • Any government agency, not-for-profit organisation or business with an annual turnover of 3 million dollars or more
  • Credit reporting bodies
  • Health service providers
  • Entities that trade in personal information
  • Tax File recipients

Are all SBO exempt?

Not all small business operators (SBOs) are exempt from the NDB scheme. An SBO must comply with the NDB scheme if it:

  • Holds health information and provides a health service
  • Is related to an APP entity
  • Trades in personal information
  • Is a credit reporting body
  • Is an employee association registered under the Fair Work (Registered Organisations) Act 2009
  • Has ‘opted-in’ to APP coverage under s 6EA of the Privacy Act.

What happens if you don’t comply with NDB Scheme?

Organisations are required to notify the OAIC in addition to notifying individuals affected by an ‘eligible data breach’. Failure to comply with the NDB scheme can attract fines of up to $2.1 million.

NOTE: Information has been sourced from the Office of the Australian Information Commissioner (OAIC) website. Please visit their website for further information about the NDB Scheme.

What is GDPR and how does it differ from NDB?

GDPR is an EU law quite similar to the NDB Scheme; however, its scope extends globally. Coverage includes any organisation that processes EU residents’ personal data.

From 25 May 2018, data breaches need to be reported to the supervisory authority. Reports must be made within 72 hours of first becoming aware of a breach that has been deemed to be a “risk for the rights and freedoms of individuals”. In addition, data processors are required to report all personal data breaches to their controllers (their customers) within this period.

Organisations that fail to comply with the GDPR face hefty fines. Organisations may be fined up to 4% of their annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements. A tiered fine approach exists for lesser breaches of GDPR. For example, a company can be fined 2% for not having its records in order, or may be fined for not notifying the supervisory authority and data subject about a breach. Companies may also be fined for not conducting an impact assessment.

NOTE: Information has been sourced from the EUGDPR.org website. For further information about the GDPR, please visit the website.
