AIIA Victoria GDPR Briefing – Impact of the new EU privacy law (GDPR) on Australian Businesses

Download presentation

A new piece of legislation that will come into force in the EU on May 25, 2018 that provides individuals with a new set of privacy rights. This new law will reach beyond the shores of the EU and will extend to any person who markets or sells goods or services (including for free) to any EU country (including the UK) and/or who monitors the behaviour of EU individuals within the EU (e.g. tracking activities of EU individuals on a website).

Unlike many other privacy laws where it is largely a legal compliance issue, the GDPR requires a complete organisational re-think of privacy.

In order to comply, this requires organisations to implement, among many things, the need to have documented procedures; the need to proactively conduct impact assessments of risky data privacy processing; in some cases, the need to appoint a Data Protection Officer; the creation of a ‘privacy by design’ approach to an organisation’s goods and services; amendments to be made to supplier agreements; and a comprehensive review of all marketing and administrative processes.

Whilst acknowledging that the cost of compliance is not insignificant, the penalties for non-compliance have been set deliberately high to ensure that the cost of compliance is less than the cost of non-compliance.

This law will be enforced with penalties for breach being up to 4% of global turnover or 20m Euro, whichever is the higher.

European companies will be prohibited from transferring personal information to any entity (including their local Australian subsidiaries) that cannot demonstrate its compliance with the new GDPR as of May 25, 2018.

The Opportunity for AIIA members

On the other hand, this new legislation provides significant opportunities – for IT companies in particular – to provide products and services that will assist companies all over the world to comply with the GDPR and enable the efficient use and flow of secure personal information into and out of the EU.

Whilst the GDPR is the talk of the town in Europe, studies have shown that there is little awareness or GDPR in Australia, and very few companies have an action plan to comply.

The reality is that with such large organisational wide impact it is probably to already too late to be ready for May 25, 2018 and companies will need to be implementing GDPR and managing their exposure at the same time.

Guest Speakers

Rachel Dixon, Privacy and Data Protection Deputy Commissioner — Office of the Victorian Information Commissioner will explore the present Victorian Data Protection legislation and practices and any impact that the changes to EU legislative changes will have.

Mathew Green, Partner, Grant Thornton

Mike Pym, the CEO of Pym’s Technology Lawyers and Co-Chair of the AIIA National Board and Ben Robson, the lead partner of Oury Clark’s UK GDPR team will deliver presentations providing comprehensive advice regarding the impact of GDPR, offer insight into strategies to comply with the GDPR and implementation framework in order to assist them – and their clients – to step up to the GDPR challenge.

Speakers

Rachel Dixon
Privacy and Data Protection Deputy Commission, Office of the Victorian Information Commissioner

Mathew Green
Partner, Grant Thornton

Matthew brings 15+ years experience in providing IT assurance and advisory services to Government and private enterprise in Australia, the USA, Asia and the Middle East.

Matthew’s extensive IT assurance and advisory experience covers business and technology across strategy, governance, operations, service delivery, procurement, major projects, data management and 3rd party auditing.

Matthew’s experience allows him to impart considered, focussed advice in a clear and pragmatic way that is commercial, balanced and provides value to his clients.

Matthew has a strong capability to cut through the technology jargon and communicate with senior management and C level executives in business terms.

In working with clients Matthew has advised on technology strategy, IT governance and controls, security and privacy, business and IT resilience, infrastructure and application selection and implementation, assessed major projects for on-going viability, conducted post implementation reviews, provided on-going project QA, facilitated detailed root cause investigations and provided independent assurance over third party service provider processes and controls.

Matthew has provided IT assurance and advisory services to some of most recognised organisations in Australia including Quiksilver, 7-Eleven Stores, AustralianSuper, Superpartners, AIA Insurance, Gloria Jeans Coffees, Dun and Bradstreet, Deakin University, Swinburne University, McMillian Shakespeare, Victoria Police, VicSES, Chartered Accountants Australia and New Zealand, Vision Australia, Incitec Pivot, Americold and Apotex.

Matthew brings a significant depth of knowledge in cyber security having worked with many organisations conducting cyber security maturity assessments, testing processes and controls, running vulnerability scans and penetration testing and facilitating incident response and investigation.  Matthew is the Australian lead partner for a series of global insurance underwriters leading the investigation of cyber security related incidents and insurance claims.

Matthew is regularly engaged to present on technology issues and sought for press comments.  Matthew has delivered presentations to the AICD, CPA, IIA, and ACCA in addition to industry specific presentation forums.

Mike Pym 
CEO, Gordian Lawyers

Mike is the CEO of Gordian Lawyers, a law firm specialising in technology, commercial law and privacy.  Mike has been practising IT law for more than 25 years.

Prior to establishing Gordian Lawyers in 2006, Mike was Head of the Technology Group at one of the largest Australian law firms, and before that he had a number of roles as senior in-house counsel for global IT companies in Europe and Australia.

Mike’s clients include global ICT companies, ASX listed companies, as well as start ups, IT SMEs, Universities and Government Agencies.

With the arrival of the European GDPR legislation, Gordian Lawyers now offers GDPR training and awareness courses, as well as GDPR compliance programs.  Having teamed up with leading firm of UK lawyers and accountants, Oury Clark, Gordian can provide expert advice for Australian business wanting to comply with their GDPR obligations, enabling Australian businesses to understand and comply with their legal obligations under Australian privacy laws as well as the European GDPR.

Mike is also deeply involved in the peak national IT industry association in Australia, the Australian Information Industry Association, and has been Deputy Chair of the National Board for the past 2 years.

Photo©John Cassidy The Headshot Guy® www.theheadshotguy.co.uk 07768 401009

Ben Robson
Partner, Oury Clark Solicitors, United Kingdom

Ben is a Partner and Certified GDPR Practitioner within the Corporate and Commercial department of London law firm Oury Clark Solicitors and heads up the firm’s GDPR compliance team. Ben advises businesses across a wide range of sectors on their legal and commercial considerations when entering the UK market from overseas, with a sizeable proportion of his clients headquartered out of Australia.

As part of his broader commercial and corporate practice, Ben offers a unique level of practical insight into the core business and legal considerations faced by organisations day-to-day, against which increased regulatory compliance is simply an additional layer. In this context, Ben’s GDPR advisory expertise is focused upon providing proportionate and results-driven advice and strategic compliance program implementation that aims to empower businesses to use compliance as a means of improving systems and driving sales.

Recently featured in The Times for comment around GDPR in the wake of the Cambridge Analytica/Facebook data breach and a member of the UK Government’s All-Party Parliamentary Group on Artificial Intelligence, Ben is at the forefront of this rapidly developing area of the law and has delivered presentations and training to audiences within the UK and internationally on the topic of data protection and the practical steps that organisations should be taking before and after 25th May 2018.

Sponsors

Thank you to our Sponsors

National Platinum Sponsor

Host Sponsor