Navigating the year of new security compliance

Highlights
  • The GDPR and the amendments to the Privacy Act have now come into effect for many Australian businesses.
  • To reduce complexity, organisations should identify overlapping legislation and design around the strictest requirements.
  • Compliance strategies should be designed with third-party vendors in mind.

Between the introduction of the General Data Protection Regulation and the Notifiable Data Breach scheme, the time is right to rethink your approach to security compliance legislation.

As the size, frequency and cost of cyber attacks increase, governing bodies around the world are implementing new legislation to ensure businesses are taking steps to protect themselves and their clients, and are notifying customers when their personal information ends up in the wrong hands.

Together with the headline-dominating legislation that affects most businesses – such as Australia’s Notifiable Data Breach scheme (NDB) and the European Union’s General Data Protection Regulation (GDPR) – the variety of industry-specific compliance regimes Australian businesses need to comply with can threaten to overwhelm their already limited security resources.

With these legislative trends likely to continue into the next decade, finding efficient and sustainable approaches to managing compliance adherence and reporting has never been more important.

“When it comes to data security, it's quite a complicated landscape, because we're often dealing with very detailed requirements across different regions,” says Kate Healy, Principal Cyber Security Strategist for Telstra Enterprise.

“One of the easiest ways organisations can manage these requirements is through looking at your existing compliance frameworks, looking at your existing policies and procedures, to understand what applies to you and making sure these new requirements are baked into your frameworks, policies and standards.”

However, she cautions against uncritically applying old models to new legislation.

"While we can take a lot of learnings from those frameworks, such as the risk management methodologies and understanding how to track and manage those risks, it’s important we also learn how to do this in a more efficient manner."

For most organisations, the most fundamental efficiency driver will be identifying legislative overlap, where a single policy can meet multiple needs.

For instance, the Australian Government’s Notifiable Data Breach scheme gives organisations up to 30 days to assess a suspected breach and then requires notification as soon as practicable, while the GDPR requires notification to the supervisory authority within 72 hours of becoming aware of a breach – making it advantageous for organisations affected by both to design their policies around the stricter of the two requirements.

"The changes to GDPR are going to be quite complicated and costly for a lot of organisations, the reason being that there are a couple of unique provisions which are going to make workflows more complicated," says Kate.

"For example, the right to be forgotten is quite a challenge for a lot of organisations. Not only do they have to make changes to their existing systems to make sure they have that capability, they also need to consider how they can make sure this is also replicated through their backups and also through their third-party suppliers."

Of course, despite the additional pressure security compliance will put on organisations in the years to come, there are benefits to taking the time to get these things right.

“At the end of the day, organisations are becoming more and more complex. We're seeing an uptake of Internet of Things, we're seeing more and more operational technology being placed onto IP networks. We're also seeing more organisations introduce Bring Your Own Devices into the organisation,” says Kate. “Complying with the regulations is not only the law, it can also help you make your business more secure for your customers, and your employees, and manage these new technologies.”

“Compliance frameworks can actually help us in these spaces. They can bring a consistency in the organisation in ensuring we have the right security controls in place, thereby reducing cost and risk across an organisation.”

Kate Healy, Principal Cyber Security Strategist, Telstra

Understanding the security of your existing data is the first step in preparing for incoming compliance obligations. Find out how we can help you understand your position with our Cyber Security Health Check.
