Data is king in the present day. Many businesses underestimate the amount of personal information or consumer data they may hold and the various regulations that surround storing this data.

Recent digital advancements mean that consumer data can be collected from around the world, and stored within seconds, in a variety of ways, including websites, email systems, collaboration platforms and business applications.

Companies are now facing significant penalties, even when no data breach has occurred, due to complex and evolving global data privacy regulations.

It is important for organisations to proactively protect data by reviewing the legislative landscape, contractual obligations and customer expectations to verify their privacy and safeguarding programs. With data privacy laws constantly evolving, it’s paramount for businesses to be vigilant in assuring they are complying with these regulations.

Securing Personally Identifiable Information (PII) and achieving compliance requires more than scanning and annual audits. 

How can we help you?

 

True compliance is achieved when organisations can make the right security decisions throughout the year. Based on RSM’s experience, many organisations are not fully compliant with privacy laws and regulations. We understand the complexities of these regulations and how they can affect your business, and we can help you develop a program to proactively comply with them and to leverage this program as a competitive differentiator.

RSM’s data privacy services offer a breadth of options to best suit your organisation’s needs.

Our staff is well-versed in the practices that are necessary to assure compliance with a variety of data privacy regulations such as the EU General Data Protection Regulation (GDPR), Australian Privacy Principles (APP) and the Consumer Data Right (CDR) Rules, among others. 

RSM’s approach gives you options and flexibility on your path to compliance and in adapting to the new landscape of privacy regulations and privacy-aware consumers.

Based on RSM’s experience, many organisations are not fully compliant with information and data privacy laws and may not even realise it. Organisations that are exposed to evolving laws to protect consumer information (e.g., APP and CDR) or international regulations (GDPR, LGPD, PIPEDA, CCPA) would benefit from RSM’s data privacy services.

The CDR Rules require an organisation seeking accreditation to undergo an ASAE 3150 independent audit of their information security controls to safeguard the privacy of shared CDR data.

The GDPR was the biggest shake-up to data protection laws and privacy legislation in a generation. It affects organisations located outside the EU that provide goods or services to people in the EU, or gather data on the behaviour of people in the EU.

For clients who are seeking privacy regulation compliance, RSM offers the following services that will assist in key areas.

  • Data audit and discovery. 
    RSM can help you understand what types of data you possess, where it resides and how it flows through systems and applications, why it is collected and how the user data is discarded.
  • Data Privacy Gap Assessments. 
    RSM can identify your key compliance risks by assessing your practices against the requirements of the applicable rules and regulations. This results in more efficient execution of your privacy compliance efforts and helps you avoid the penalties and risks that may come from noncompliance.
  • Policy governance review or development. 
    RSM can help you learn how to develop or adjust your data privacy policies with the elements required by the new regulations.
  • Technical safeguard assessments. 
    This assessment can help you ensure your controls are functioning as intended, while identifying and developing a plan to remediate any gaps.
  • Incident response plan development. 
    The new regulations increasingly require prompt data breach notification, sometimes within as little as 72 hours of a breach being identified. RSM can create, develop, or refine data security incident response plans to meet these requirements.
  • Advisory services. 
    RSM can provide advice to help you develop or optimise a privacy compliance framework to protect sensitive data or financial data, including road map development covering the ways your business collects, stores, or disposes of data.

 

In addition to these services, RSM offers an extensive privacy gap assessment service, which benchmarks your organisation against applicable laws and reduces the risk of your business facing penalties from noncompliance. Our approach maps out critical information processes and determines if regulatory controls have an impact on your business.

The goals of a privacy gap assessment are the following:

  • Understand rapidly evolving privacy compliance obligations
  • Develop an enterprise-wide strategy and plan for achieving compliance
  • Implement required operational changes
  • Train employees on threats and compliance obligations
  • Maintain compliance throughout the year

This results in more efficient execution of your information and data privacy compliance efforts and helps you avoid the penalties and risks that may come from noncompliance.

 
