Information and Data Privacy


Data is king in the present day. Many businesses underestimate the amount of personal information or consumer data they may hold and the various regulations that surround storing this data.

Recent digital advancements mean that consumer data can be collected from around the world, and stored within seconds, in a variety of ways, including websites, email systems, collaboration platforms and business applications.

It is important for organisations to proactively review the legislative landscape, contractual obligations and customer expectations to verify their privacy and safeguarding programs.



Darren Booth

T:+61 3 9286 8158


Information and Data Privacy services

Companies are now facing significant penalties, even when no data breach has occurred, due to complex and evolving global data privacy regulations.

It is important for organisations to proactively protect data by reviewing the legislative landscape, contractual obligations and customer expectations to verify their privacy and safeguarding programs. With data privacy laws constantly evolving, it’s paramount for businesses to be vigilant in assuring they are complying with these regulations.

Securing Personally Identifiable Information (PII) and achieving compliance requires more than scanning and annual audits.

True compliance is achieved when organisations can make the right security decisions throughout the year. Based on RSM’s experience, many organisations are not fully compliant with privacy laws and regulations. We understand the complexities of these regulations and how they can affect your business, and we can help you develop a program to proactively comply with them and leverage that program as a competitive differentiator.



RSM’s data privacy services offer a breadth of options to best suit your organisation’s needs.

Our staff is well-versed in the practices that are necessary to assure compliance with a variety of data privacy regulations such as the EU General Data Protection Regulation (GDPR), Australian Privacy Principles (APP) and the Consumer Data Right (CDR) Rules, among others.

RSM’s approach gives you options and flexibility on your path to compliance as you adapt to the new landscape of privacy regulations and privacy-aware consumers.

Who needs this?

Based on RSM’s experience, many organisations are not fully compliant with information and data privacy laws and may not even realise it. Organisations that are exposed to evolving laws to protect consumer information (e.g., APP and CDR) or international regulations (GDPR, LGPD, PIPEDA, CCPA) would benefit from RSM’s data privacy services.

The CDR Rules require an organisation seeking accreditation to undergo an ASAE 3150 independent audit of their information security controls to safeguard the privacy of shared CDR data.

The GDPR was the biggest shake-up to data protection laws and privacy legislation in a generation. It affects organisations located outside the EU that provide goods or services to people in the EU or gather data on the behaviour of people in the EU.


Overview of Services

For clients who are seeking privacy regulation compliance, RSM offers the following services that will assist in key areas.

  • Data audit and discovery.
    RSM can help you understand what types of data you possess, where it resides, how it flows through systems and applications, why it is collected and how it is discarded.
  • Data Privacy Gap Assessments.
    RSM can identify your key compliance risks by assessing your practices against the requirements of the applicable rules and regulations. This results in more efficient execution of your privacy compliance efforts and helps you avoid the penalties and risks that may come from noncompliance.
  • Policy governance review or development.
    RSM can help you develop or adjust your data privacy policies to include the elements required by the new regulations.
  • Technical safeguard assessments.
    This assessment can help you ensure your controls are functioning as intended, while identifying and developing a plan to remediate any gaps.
  • Incident response plan development.
    The new regulations increasingly require prompt data breach notification, sometimes within as little as 72 hours of a breach being identified. RSM can create, develop or refine data security incident response plans to meet these requirements.
  • Advisory services.
    RSM can provide advice to help you develop or optimise a privacy compliance framework to protect sensitive data or financial data, including road map development covering the ways your business collects, stores and disposes of data.

In addition to these services, RSM offers an extensive privacy gap assessment service, which benchmarks your organisation against applicable laws and reduces the risk of your business facing penalties from noncompliance. Our approach maps out critical information processes and determines if regulatory controls have an impact on your business.

The goals of a privacy gap assessment are the following:

  • Understand rapidly evolving privacy compliance obligations
  • Develop an enterprise-wide strategy and plan for achieving compliance
  • Implement required operational changes
  • Train employees on threats and compliance obligations
  • Maintain compliance throughout the year

This results in more efficient execution of your information and data privacy compliance efforts and helps you avoid the penalties and risks that may come from noncompliance.


The impact of ransomware attacks on SMEs

1 September 2020
Ransomware threats remain prevalent within small to medium enterprises, taking multiple forms and requiring organisations to take a more proactive stance to protect key data and intellectual property.

RSM's Consumer Data Right (CDR) submission

30 July 2020
As the Consumer Data Right (CDR) Rules continue to evolve, RSM submitted a response to the request for submissions related to the draft ‘intermediary’ Rules, which were published in June 2020.

Five considerations for boards to improve data privacy

3 July 2020
Data privacy awareness and compliance are crucial to handling emerging threats, and are fast becoming a major area of consideration among organisations and individuals.

Consumer Data Right (CDR) information security accreditation

23 June 2020
Obtaining assurance on the security of your CDR data environment. With CDR going live on 1 July 2020, Accredited Data Recipient (ADR) applicants must demonstrate the security effectiveness of their people, processes and technology. The key is to demonstrate security, whilst minimising the cost.

Cyber security - what's old is new again

11 June 2020
User credentials of millions of users have been compromised over the years as a result of cyber incidents.

Real estate organisations are a new target as cyberthreats continue to grow

25 May 2020
With the magnitude of security and data breach cases highlighted regularly in the media, most executives of real estate companies are aware that they will likely become a victim of a cyberattack.

Which security framework is right for you?

1 May 2020
With significant data breaches and cyberattacks making headlines almost on a daily basis, many organisations have realised the need for more effective security measures.

Is COVID-19 an excuse to forgo forensic due diligence or integrity checks?

20 April 2020
In the wake of these ever-changing times it is quite natural for businesses and individuals to focus more on survival. This includes staff retainment rather than paying attention to protective control measures including conducting forensic due diligence checks.

Business has changed again - is it time to update your business systems?

14 April 2020
Many businesses were planning to put 2019 behind them and were looking forward to 2020 with some optimism. However, with the impact of COVID-19 being felt by all, the first quarter of 2020 has not gone to plan.

How to cut IT costs when cash flow is tight

9 April 2020
With most businesses across Australia suffering a steep blow to cash flow in the current climate, it’s never been more important to eliminate wasteful spending.

Home office security essentials and tax deductions during COVID-19

26 March 2020
To minimise the spread of COVID-19, businesses across the globe are hurrying to implement remote working for employees.

COVID-19 and a remote workforce - steps to securing your organisation against cyber-attacks

24 March 2020
The global fear surrounding COVID-19 has forced many organisations to develop ‘Coronavirus Plans’ and consider alternate working methods. In an effort to protect the health of employees during this uncertain time, it is also critical to consider the cyber security health of your organisation.