Australian Information Industry Association
AIIA NSW GDPR Briefing - Impact of the new EU privacy law (GDPR) on Australian Businesses
Date: Friday 25 May 2018
Where: Grant Thornton, Level 17, 383 Kent Street, Sydney 2000
Contact Name: Jen Le
Price Non Member: $90.00
Impact of the new EU privacy law (GDPR) on Australian Businesses
There is a new piece of legislation that will come into force in the EU on 25 May 2018 that provides individuals with a new set of privacy rights. The law reaches beyond the shores of the EU and extends to any person who markets or sells goods or services (including for free!) to any EU country (including the UK) and/or who monitors the behaviour of EU individuals within the EU (e.g. tracking activities of EU individuals on a website).
Unlike many other privacy laws, where compliance is largely a legal issue, the GDPR requires a complete organisational re-think of privacy: documented procedures, proactive impact assessments of risky data privacy processing, the appointment of a Data Protection Officer in some cases, a ‘privacy by design’ approach to goods and services, amendments to supplier agreements, and a comprehensive review of all marketing and administrative processes in order to comply.
Whilst acknowledging that the cost of compliance is not insignificant, the penalties for non-compliance have been set deliberately high to ensure that the cost of compliance is less than the cost of non-compliance. This law will be enforced with real teeth, with penalties for breach being up to 4% of global turnover or 20m Euro, whichever is the higher. European companies will be prohibited from transferring personal information to any entity (including their local Australian subsidiaries) that cannot demonstrate its compliance with the new GDPR as from 25 May 2018. And there is no reason to believe that this won’t happen with a hard stop on 25 May 2018, as the penalties for breach are very serious, and the GDPR is backed by obligations to self-report your own breaches, with penalties for not reporting serious breaches to the authorities.
On the other hand, it provides significant opportunities, for IT companies in particular, to provide products and services that will assist companies all over the world to comply with the GDPR, and enable the efficient use and flow of secure personal information into and out of the EU.
Whilst the GDPR is the talk of the town in Europe, studies have shown that there is little awareness of GDPR in Australia, and very few companies have an action plan to comply. The reality is that with such large organisation-wide impact it is probably already too late to be ready for 25 May 2018, and companies will need to be implementing GDPR and managing their exposure at the same time.
Join us at this briefing to gain further insight on:
- What the GDPR is
- What are the key obligations, and
- What are the key actions to be taking to prepare to meet the 18 May deadline.
Speakers:
- The Hon. Victor Dominello MP, Minister for Finance, Services and Property, NSW Government
- Matthew Green, Partner, Grant Thornton
- Mike Pym, CEO, Gordian Lawyers
- Ben Robson, Partner, Oury Clark Solicitors
The Hon. Victor Dominello MP
Minister for Finance, Services and Property, NSW Government
Victor was born and raised in the Ryde area. He went to school at Marist Brothers Eastwood before studying law. He was a partner in a commercial law firm, where he represented clients in a number of landmark cases.
Victor was elected as Member for Ryde at a by-election in October 2008. He was re-elected at the 2011 state election.
In April 2011 he was sworn in as Minister for Aboriginal Affairs and Minister for Citizenship and Communities. His portfolio responsibilities included multicultural affairs, veterans’ affairs, volunteering and youth.
Following the Liberals & Nationals Government’s re-election in March 2015, Victor was sworn in as the state’s first Minister for Innovation and Better Regulation.
His portfolio responsibilities included Fair Trading, where he led a range of consumer affairs matters including strata title, home building compensation, real estate industry reform, free-range egg labelling, brothel regulation, biofuels, residential overcrowding and the establishment of a consumer complaints register.
Victor was also responsible for implementing the NSW Government’s ICT Strategy and innovation agenda which included the establishment of a whole-of-government Data Analytics Centre and response to the collaborative economy.
In January 2017, Victor was appointed Minister for Finance, Services and Property. His portfolio responsibilities include Property NSW, Office of State Revenue and Service NSW. He has also retained responsibility for the whole-of-government Data Analytics Centre.
Prior to his parliamentary career, Victor cherished the opportunity to travel to many places around the world and looks back fondly on his experiences in India, Central and South America, Europe, the US and Asia. He is also a passionate supporter of the Wests Tigers rugby league team.
Matthew Green
Partner, Grant Thornton
Matthew brings 15+ years' experience in providing IT assurance and advisory services to Government and private enterprise in Australia, the USA, Asia and the Middle East.
Matthew’s extensive IT assurance and advisory experience covers business and technology across strategy, governance, operations, service delivery, procurement, major projects, data management and 3rd party auditing.
Matthew’s experience allows him to impart considered, focussed advice in a clear and pragmatic way that is commercial, balanced and provides value to his clients.
Matthew has a strong capability to cut through the technology jargon and communicate with senior management and C level executives in business terms.
In working with clients Matthew has advised on technology strategy, IT governance and controls, security and privacy, business and IT resilience, infrastructure and application selection and implementation, assessed major projects for on-going viability, conducted post implementation reviews, provided on-going project QA, facilitated detailed root cause investigations and provided independent assurance over third party service provider processes and controls.
Matthew has provided IT assurance and advisory services to some of the most recognised organisations in Australia including Quiksilver, 7-Eleven Stores, AustralianSuper, Superpartners, AIA Insurance, Gloria Jean's Coffees, Dun and Bradstreet, Deakin University, Swinburne University, McMillan Shakespeare, Victoria Police, VicSES, Chartered Accountants Australia and New Zealand, Vision Australia, Incitec Pivot, Americold and Apotex.
Matthew brings a significant depth of knowledge in cyber security having worked with many organisations conducting cyber security maturity assessments, testing processes and controls, running vulnerability scans and penetration testing and facilitating incident response and investigation. Matthew is the Australian lead partner for a series of global insurance underwriters leading the investigation of cyber security related incidents and insurance claims.
Matthew is regularly engaged to present on technology issues and sought for press comments. Matthew has delivered presentations to the AICD, CPA, IIA, and ACCA in addition to industry specific presentation forums.
Mike Pym
CEO, Gordian Lawyers
Mike is the CEO of Gordian Lawyers, a law firm specialising in technology, commercial law and privacy. Mike has been practising IT law for more than 25 years.
Prior to establishing Gordian Lawyers in 2006, Mike was Head of the Technology Group at one of the largest Australian law firms, and before that he had a number of roles as senior in-house counsel for global IT companies in Europe and Australia.
Mike’s clients include global ICT companies, ASX listed companies, as well as start ups, IT SMEs, Universities and Government Agencies.
With the arrival of the European GDPR legislation, Gordian Lawyers now offers GDPR training and awareness courses, as well as GDPR compliance programs. Having teamed up with a leading firm of UK lawyers and accountants, Oury Clark, Gordian can provide expert advice for Australian businesses wanting to comply with their GDPR obligations, enabling Australian businesses to understand and comply with their legal obligations under Australian privacy laws as well as the European GDPR.
Mike is also deeply involved in the peak national IT industry association in Australia, the Australian Information Industry Association, and has been Deputy Chair of the National Board for the past 2 years.
Ben Robson
Partner, Oury Clark Solicitors, United Kingdom
Ben is a Partner and Certified GDPR Practitioner within the Corporate and Commercial department of London law firm Oury Clark Solicitors and heads up the firm’s GDPR compliance team. Ben advises businesses across a wide range of sectors on their legal and commercial considerations when entering the UK market from overseas, with a sizeable proportion of his clients headquartered out of Australia.
As part of his broader commercial and corporate practice, Ben offers a unique level of practical insight into the core business and legal considerations faced by organisations day-to-day, against which increased regulatory compliance is simply an additional layer. In this context, Ben’s GDPR advisory expertise is focused upon providing proportionate and results-driven advice and strategic compliance program implementation that aims to empower businesses to use compliance as a means of improving systems and driving sales.
Recently featured in The Times for comment around GDPR in the wake of the Cambridge Analytica/Facebook data breach and a member of the UK Government’s All-Party Parliamentary Group on Artificial Intelligence, Ben is at the forefront of this rapidly developing area of the law and has delivered presentations and training to audiences within the UK and internationally on the topic of data protection and the practical steps that organisations should be taking before and after 25th May 2018.