Cyber Security
Enforcing sanctions in Australia

Under GDPR, the applicability of administrative fines or sanctions to non-EU jurisdictions relies on a desired international cooperation based on reciprocity.

"supervisory authorities may find that they are unable to pursue complaints or conduct investigations relating to the activities outside their borders... there is a need to promote closer cooperation among data protection supervisory authorities to help them exchange information and carry out investigations with their international counterparts". GDPR clause (116).

OAIC resources on GDPR, such as this article, provide no clarification on a potential enforcement protocol, aside from a generic statement of commitment to internationally coordinated approaches to privacy regulation. I enquired directly to the OAIC and asked in writing: "How would GDPR sanctions be enforced in Australia?". The OAIC kindly replied that in essence they could not advise on the subject (well, who can then?).

The Bright Side of Consumer Data Protection

Complying with consumer data protection and privacy regulations, such as the EU GDPR or the Australian Privacy Act, may come at a cost of changing processes, technologies and, importantly, organisational cultures. Australian businesses doing, or contemplating doing, business overseas have the choice to comply with local regulations such as GDPR, disregard them and accept a risk, or forfeit doing business in some countries. It is a business risk decision.

Whether opting to comply or not with privacy regulations, investing in better consumer data protection practices has a very bright upside, because customers have growing privacy concerns and business is lost over privacy concerns according to the OAIC's Australian Community Attitudes to Privacy Survey 2017 (ACAPS).

Mounir Mahjoubi, the 'geek' who saved Macron's French presidential campaign from cyber attacks and now French Secretary of State for Digital, brilliantly called out the opportunities that GDPR and better consumer data protection practices provide to businesses. Mahjoubi suggests (in a speech) making the most of compliance requirements. With better data protection, businesses can:

1. Serve their clients in better ways;
2. Build new services and innovative ways to manage data;
3. Optimise the usage of data; and very importantly
4. Improve data security and better manage business risk.

When it can be prioritised and afforded, complying with consumer data protection and privacy regulations, such as GDPR, can be a very valuable business risk management practice and a valuable business differentiator at the same time.
20 | Australian Cyber Security Magazine