How seriously should Australian SMEs take data protection?

OPINION & ANALYSIS: In the footsteps of Europe’s new General Data Protection Regulation, could Australia’s businesses be next in line for heavier data protection regulation? What might this mean for Australian SMEs?

In Europe, the new General Data Protection Regulation (GDPR) is due to be implemented in March 2018, meaning that data protection will have to be taken very seriously by all businesses in EU countries. Those companies which do not comply and suffer a significant data breach face fines of up to 20 million euros or 4% of their annual turnover.

With this in mind, could Australia’s SMEs be next in line for heavier data protection regulation? What might this mean for Australian SMEs? Here are some thoughts.

Data protection in Australia

The main law which currently protects data in Australia is the federal Privacy Act of 1988, which includes thirteen Australian Privacy Principles to adhere to. Whilst this does serve to keep data safe, the fact that it was introduced in 1988, before the digital age, suggests that an overhaul is long overdue.

Those businesses which do deal with a lot of data, be it the data of customers, clients, or staff, should have good safeguards in place in order to keep it safe, and be well aware of the likelihood that new data protection laws may well be introduced in Australia in the near future.

Cyber attacks

One of the reasons some countries are tightening their data protection regulation is the sheer number of cyber attacks which have occurred in the last few years, some of which have caused significant damage and resulted in the theft of countless personal details.

By tightening regulation, companies are forced to ensure that they have the best measures in place to prevent security breaches and thus the theft of private data. Since cyber attacks and threats are becoming increasingly common, having cyber security measures in place is now arguably a necessity.

Potential changes to make

For some SMEs, a complete overhaul of security systems may be necessary in order to protect sensitive data. This could range from investing in good antivirus software to setting up a robust cyber security system (usually through a professional cyber security firm).

As long as every possible measure is taken by any given SME to protect data, it is likely to be compliant with any new regulation which may come into place. It may well involve investing some more money in security, but this is likely to be a lot cheaper than a fine for losing sensitive data.

The future of data protection

It is likely that, as cyber threats continue to evolve and become more advanced, the need for even more stringent regulation may well arise. Those SMEs which operate in industries like financial services (asset management firms, forex brokers or accountants, for example) may be particularly in need of tighter security measures, as they often deal with sensitive payment details, amongst other data.

As a result of this, it is also likely that cyber security will continue to evolve, with data protection now a key part of its purpose.

It seems highly likely that a developed nation like Australia will get further data protection regulation in the future. So, it seems SMEs will have to buckle up and make sure that the data they deal with is firmly locked away from prying eyes.
