07 June 2018

New data laws - how will these affect Australian organisations?


We all know data is the essence of any organisation. Data is money, and where money is concerned, the need to protect and leverage it becomes a major priority.

The Federal Government announced its intention to legislate a national Consumer Data Right (CDR) late last year, and this legislation is now spreading sector by sector, starting with Banking. It reflects the Productivity Commission’s recommendation to create a comprehensive right to data which would allow consumers to obtain a machine-readable copy of their own digital data. The CDR will now give customers the right to share their transactions, usage and product data with service competitors and comparison services if they wish to do so.

Recent news has indicated that the ACCC is welcoming the introduction of this general data right for all consumers and the $20 million from the Federal Budget to oversee its implementation over the next four years. The OAIC and ACCC will have separate but complementary enforcement roles in relation to this new law.



  • OAIC - will have primary responsibility for individual consumer complaints,
  • ACCC - will focus on ensuring the system as a whole operates as intended, including supporting competition and good consumer outcomes. They will develop rules and an accreditation scheme to ensure the implementation of the CDR and approve technical standards.

With the CDR being implemented in a sector-by-sector approach, Banking is the first sector to be designated. Open Banking is the application of the CDR to that sector and will be implemented in phases, with the aim that major banks make data on credit cards, debit cards, deposit and transaction accounts, mortgages and remaining products available by 2019-2020.

Moving from a national scale to an international one, the European Union has enforced its General Data Protection Regulation (GDPR) from 25th May 2018. Even though this regulation takes effect in Europe, any organisation from any country that deals with Europe in its business is required to comply with it.

However, this does beg the question: doesn’t the Privacy Act highlight the same things as the GDPR?

The answer is yes, but there are still some differences which, if not understood properly, can place Australian businesses in hot water. The key differences are:


  1. Compliance – the Privacy Act includes a threshold stating that businesses with annual revenue of less than $3 million do not need to comply with it, whereas the GDPR applies to businesses of all sizes and revenue.
  2. “Serious harm” – under the Privacy Act’s Notifiable Data Breach Scheme, organisations are to report data breaches to relevant parties where serious harm is possible, whereas the GDPR states all breaches must be reported.
  3. Penalties – the highest penalty for breaching the Privacy Act is a fine of $2.1 million; however, businesses that breach the GDPR can be fined the higher of either €20 million or 4% of their total worldwide annual turnover of the preceding financial year.

Ultimately, the rise of online businesses has called for wide-scale protection of personal data, and as such it is important that Australian businesses, especially online businesses, remain up-to-date with these new laws and regulations to avoid possible penalties.


Written by: Vishi Peters 

Vishi is a Conference Producer of Akolade’s Government and Digital portfolio. She has a strong interest in current affairs and enjoys giving an educated opinion about emerging trends. She is passionate about photography and enjoys playing cricket, cooking different cuisines and expanding her knowledge of food.







