THE NEW PRIVACY LAWS EVERY SMALL BUSINESS NEEDS TO KNOW
October is Cybersecurity Month, a time when awareness about cyber threats takes centre stage. This year, it coincides with a significant change to Australia’s Privacy Act. If your business has an annual turnover of up to $3 million, get ready: new data protection rules are coming your way and will change how you store your data and do business.
Where do things currently stand?
If your small business is one of the 2.3 million in Australia with an annual turnover of less than $3 million, you are exempt from some of the cybersecurity responsibilities larger businesses have to shoulder.
Specifically, you aren’t obliged to have stringent measures to keep personal information secure, and you don’t have to notify individuals if their data gets breached.
This Privacy Act exemption has been a way to ease the burden on small businesses, allowing them to focus on growth without getting bogged down by extensive data protection requirements.
What’s the proposed change?
The government has decided it’s time to level the playing field regarding data protection. So, ALL small businesses with an annual turnover under $3 million will now have the same data protection responsibilities as bigger companies.
- You must lock down any personally identifiable information you collect, such as customer names, driver’s licences, and email addresses. The government is also considering adding more technical identifiers like IP addresses and cookies.
- If there is a data breach on your watch, you can’t just sweep it under the rug. You’ll be legally required to notify the affected parties.
How will these changes impact me and my business?
It will mean investing time and money into beefing up the foundations of your cybersecurity and data protection. Then, ongoing maintenance and monitoring will be crucial to ensure your protection measures are effective.
If you don’t comply with these new regulations, or your security is insufficient, you could face hefty fines in the event of a breach, not to mention the reputational damage that comes with allowing your customers’ data to be compromised.
When will the changes to the Privacy Act come in?
The Government is still consulting with small businesses and other stakeholders, so the exact rollout isn’t clear.
What should I do next?
Now is the perfect time to get a cybersecurity risk report to see what’s working, what isn’t and what you’ll need to fix to comply.
Synergy offers a 360-degree Cybersecurity Awareness Report, which assesses five critical areas of your business and gives you a snapshot of the effectiveness of your cybersecurity across all departments.
If you’d like help determining your risk profile and security, contact the team at Synergy today.