Information and Data Privacy


Data is king in the present day. Many businesses underestimate the amount of personal information or consumer data they may hold and the various regulations that surround storing this data.

Recent digital advancements mean that consumer data can be collected from around the world, and stored within seconds, in a variety of ways, including websites, email systems, collaboration platforms and business applications.

It is important for organisations to proactively review the legislative landscape, contractual obligations and customer expectations to verify their privacy and safeguarding programs.



Darren Booth

T: +61 3 9286 8158


Information and Data Privacy services

Companies are now facing significant penalties, even when no data breach has occurred, due to complex and evolving global data privacy regulations.

It is important for organisations to proactively protect data by reviewing the legislative landscape, contractual obligations and customer expectations to verify their privacy and safeguarding programs. With data privacy laws constantly evolving, it’s paramount for businesses to be vigilant in assuring they are complying with these regulations.

Securing Personally Identifiable Information (PII) and achieving compliance requires more than scanning and annual audits.

True compliance is achieved when organisations can make the right security decisions throughout the year. Based on RSM’s experience, many organisations are not fully compliant with privacy laws and regulations. We understand the complexities related to these regulations and how they can affect your business and can help you develop a program to proactively comply with them—and leverage this program as a competitive differentiator.



RSM’s data privacy services offer a breadth of options to best suit your organisation’s needs.

Our staff is well-versed in the practices that are necessary to assure compliance with a variety of data privacy regulations such as the EU General Data Protection Regulation (GDPR), Australian Privacy Principles (APP) and the Consumer Data Right (CDR) Rules, among others.

RSM’s approach provides you with options and flexibility on your path to compliance and in adapting to the new landscape of privacy regulations and privacy-aware consumers.

Who needs this?

Based on RSM’s experience, many organisations are not fully compliant with information and data privacy laws and may not even realise it. Organisations that are exposed to evolving laws to protect consumer information (e.g., APP and CDR) or international regulations (GDPR, LGPD, PIPEDA, CCPA) would benefit from RSM’s data privacy services.

The CDR Rules require an organisation seeking accreditation to undergo an ASAE 3150 independent audit of its information security controls to safeguard the privacy of shared CDR data.

The GDPR was the biggest shake-up to data protection laws and privacy legislation in a generation. It affects organisations located outside the EU that provide goods or services to people in the EU, or gather data on the behaviour of people in the EU.


Overview of Services

For clients who are seeking privacy regulation compliance, RSM offers the following services that will assist in key areas.

  • Data audit and discovery.
    RSM can help you understand what types of data you possess, where it resides and how it flows through systems and applications, why it is collected and how the user data is discarded.
  • Data Privacy Gap Assessments.
    RSM can identify your key compliance risks by assessing your practices against the requirements of the applicable rules and regulations. This results in more efficient execution of your privacy compliance efforts and helps you avoid the penalties and risks that may come from noncompliance.
  • Policy governance review or development.
    RSM can help you learn how to develop or adjust your data privacy policies with the elements required by the new regulations.
  • Technical safeguard assessments.
    This assessment can help you ensure your controls are functioning as intended, while identifying and developing a plan to remediate any gaps.
  • Incident response plan development.
    The new regulations increasingly require prompt data breach notification, sometimes within as little as 72 hours of a breach being identified. RSM can create, develop, or refine a data security incident response plan to meet these requirements.
  • Advisory services.
    RSM can provide advice to help you develop or optimise a privacy compliance framework to protect sensitive data or financial data, including road map development covering the ways your business collects, stores, or disposes of data.

In addition to these services, RSM offers an extensive privacy gap assessment service, which benchmarks your organisation against applicable laws and reduces the risk of your business facing penalties from noncompliance. Our approach maps out critical information processes and determines if regulatory controls have an impact on your business.

The goals of a privacy gap assessment are the following:

  • Understand rapidly evolving privacy compliance obligations
  • Develop an enterprise-wide strategy and plan for achieving compliance
  • Implement required operational changes
  • Train employees on threats and compliance obligations
  • Maintain compliance throughout the year

This results in more efficient execution of your information and data privacy compliance efforts and helps you avoid the penalties and risks that may come from noncompliance.
