In 2024, the Federal Government will legislate to change Australia’s Privacy Act to bring the law into the digital age. These reforms will strengthen consumer privacy rights and establish a more robust framework for data management and security. These changes will affect every single Australian organisation (including small businesses).
If you’re not across how your data is managed, stored, handled and destroyed, you need a Privacy Impact Assessment now to ensure your organisation is prepared for these changes.
Australia has lagged behind most countries in the protection of privacy data. Recent large-scale data breaches (like Optus and Medibank) have impacted millions of Australians' personal details.
The 2023 survey results on Australia's attitude to privacy by the Office of the Australian Information Commissioner (OAIC) revealed just how significant a concern privacy is.
Australians want the government to legislate to protect privacy more
of Aussies want to be able to seek compensation in court for privacy breaches
of Australians see protection of their personal information as a major concern in life
Privacy is the third most important factor to Aussies when selecting a product (only behind quality & price)
To draw a parallel with the GDPR privacy laws in the EU, eighty-eight percent of global companies said GDPR compliance alone costs their organisation more than $1 million annually, while 40% spend more than $10 million.
For most Australian organisations becoming compliant is likely to be a significant, multi-year project. Changes to Australia's Privacy Laws will impact your HR, Payroll, Marketing, Sales, IT and Security departments.
Failure to comply with GDPR has resulted in significant fines, from smaller ones like a €4,800 penalty for an unlawful CCTV system, to the hefty €50 million fine to Google for processing personal data without receiving valid consent from users.
In Australia, the current penalty for serious privacy breaches is $50 million or 30% of an organisation’s domestic turnover. It's likely these fines will increase with new legislation as will the Office of the Australian Information Commissioner's power to enforce them.
So, if there’s something to learn from the impact of GDPR compliance, it’s not whether Australian businesses should pay attention to these changes, but how quickly you can get prepared for this overhaul to your data systems and digital marketing.
The reality is stricter privacy laws are coming, most organisations are not ready and it will pay to get ahead of the changes early.
Revium Queensland Director, Rebecca White, explains who will end up the winners and losers of Australia's new privacy laws, following a new privacy report released by the Federal Government.
While greater privacy presents as good news for the public, for business and particularly for the digital industry, it will bring a lot of heartache, cost and complexity.
Every Australian Business. Even if your organisation has strong data privacy policies, processes and infrastructure established, getting up to speed is likely to be a major, multi-year project.
These changes will have significant impact across your systems, processes and people, requiring a coordinated approach from every department in your organisation including:
IT and Security Teams
Operations and HR
Sales and Marketing
Payroll and Financial
Revium has a structured approach to assist organisations in preparing for the upcoming changes to Australia's Privacy Laws.
Our offerings include free virtual presentations and/or face-to-face workshops designed to guide you in preparing for the changes in Australia's Privacy Law. Throughout these sessions, we empower you and your team with essential background information on Australia's privacy laws, delve into the growing public demand for more stringent privacy policies, and outline the key pillars that will be most affected by the upcoming laws.
Following the educational phase, we transition to a Privacy Law Preparedness Assessment. This is an initial, high-level evaluation aimed at providing insight into your organisation's readiness for the impending privacy law reforms.
The assessment comprises:
A survey to be completed by relevant stakeholders
Workshops with key stakeholders
Scoring against six data categories
A Threshold Assessment Report
By the end of this assessment, you'll gain clarity on the magnitude of the required efforts and a comprehensive understanding of areas of risk pertaining to both current and future state laws.
Based on the Threshold Assessment, we will deep dive into all the PII interactions in your organisation. The inclusions of this step will be bespoke and tailored to your organisation's specific needs. Possible actions could include:
Policy and Procedure Review (incl. data breach processes and tools review)
Existing Security Mechanisms Review
Marketing Processes Review
Employee Data Consent Review
Detailed data map development, including what data you have, where it’s stored, how it’s managed, who has access, where it can move to/from, what triggers movement, destruction process, etc.
Delivery of a full PII Assessment Report (including data map) with next step recommendations
At the conclusion of this step, you will have a comprehensive view of your current PII data systems, processes and handling, plus areas that require remediation to comply with the upcoming changes to legislation.
Getting ready for these changes will be a multi-year process for most organisations. It could require changes to many of your foundational technology systems as well as a complete rethink of your digital marketing strategy. It’s important to start now and spread the effort and cost across the next 18 months.
Get started with our free workshop or virtual presentation.