Mandatory Reporting of Eligible Data Breaches

Australia’s Privacy Amendment (Notifiable Data Breaches) Act 2017 and Europe’s General Data Protection Regulation (GDPR) are both now in effect, with New Zealand not far behind.

This is a clear indication that it is time to get serious about data security and protecting the privacy of individuals.

In Australia, eligible data breaches – i.e. potentially harmful data breaches – must be notified to the affected individuals as well as the Office of the Australian Information Commissioner within 30 days of the suspected breach. Any private sector or not-for-profit organisation with an annual turnover greater than $3 million is subject to the mandatory reporting protocols for eligible data breaches.

Our advice is to arm yourself with the right information for your organisation’s home country and for every country in which it operates and holds the personal information of individuals.


Australia

Visit the website of the Office of the Australian Information Commissioner

New Zealand

Visit the website of the Privacy Commissioner


Europe

Visit the website of the EUGDPR

You are also welcome to talk to one of our RMS team members if you have any questions about how a notifiable data breach might affect ‘business as usual’ for your organisation. Call us on 02 9847 3375.