More about the NDB Scheme

The Notifiable Data Breach Scheme came into effect on 22nd February 2018. The NDB scheme requires organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In the notification process the organisation must also outline recommendations about steps individuals should take in response to the breach. As part of the obligation for organisations to report these data breaches, the Australian Information Commissioner must also be notified of the data breach. Epic IT will help you in preparing for the NDB Scheme by implementing additional security services to help mitigate data breach threats.

Every business should take necessary precautions to protect their data from a breach situation. The NDB scheme strictly requires for following entities to comply:

GDPR is an EU law quite similar to the NDB Scheme however its scope extends globally. Coverage includes any organisation that processes EU resident’s personal data.

From 25 May 2018, data breaches need to be reported to the supervisory authority. Reports must be done within 72 hours of first having become aware of the breach that has been deemed to be a “risk for the rights and freedoms of individuals”. In addition, data processors are required to report all personal data breaches to their controllers (their customers) within this period.

Organisations in breach that fail to comply with the GDPR do face hefty fines. Organisations may be fined up to 4% of their annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements. A tiered fine approach exists for lesser breaches of GDPR. For example, a company can be fined 2% for not having their records in order. Or may be fined for not notifying the supervising authority and data subject about a breach. Companies may also be fined for not conducting impact assessment.