In case you have not noticed, the conversation regarding privacy and data protection has shifted from the data room to the board room.

We recently attended a CEDA event where Alastair MacGibbon, Department of the Prime Minister and Cabinet, Special Adviser to the Prime Minister on Cyber Security explained how events such as the Australian Bureau of Statistics Census failure in 2016 and recent front page cyber security attacks had shifted the conversation significantly.

“Secretaries and agency heads were suddenly having a discussion about risk rather than compliance… resilience of their services rather than just delivery.” He explained that this shift was not confined to Canberra but a phenomenon occurring all across Australia.

In Australia, two significant laws mean that now is the time for organisations to be conducting a detailed ‘health check’ on their privacy resilience as well as considering and preparing for new privacy laws which may impact them.


From 25 May 2018, a new regime of personal data protection requirements in the European Union known as the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) will come into effect.

The GDPR has unprecedented extra-territorial reach. Your Asia Pacific organisation will be caught by the GDPR if it processes the ‘personal data’ of people in the EU and meets one of the following criteria:

  • Your business offers goods or services to people in the EU;
  • Your business monitors the behaviour of people in the EU; or
  • Your business has an office in the EU.

Businesses face fines of up to 4% of annual global turnover or €20 million if they are in breach of the GDPR when it comes into effect.

For more information on the key aspects of the GDPR and practical ways to prepare for it, you can access this user-friendly guide that Maddocks and data security experts Commvault have jointly put together.

Mandatory Data Breach

And soon organisations will have no choice but to report serious data breaches which meet certain criteria, thanks to the new mandatory data breach laws under the Australian Privacy Act 1988 (Cth) which come into force early next year.

Again, Maddocks and Commvault have joined forces to bring you some practical tips to be prepared for these new laws.