Gemalto is now part of the Thales Group, find out more.

The Australian Privacy Amendment Act 2017


The Australian Privacy Amendment (Notifiable Data Breaches) Act 2017

Gemalto’s portfolio of SafeNet Data Encryption and Tokenization, Key Management, and Hardware Security Module (HSM) solutions provides persistent protection of sensitive data to meet the most stringent compliance mandates and regulations. So, even if a breach occurs, organizations can avoid having to make a public data breach notification because their data is encrypted and safe.

The Australian Privacy Amendment (Notifiable Data Breaches) Act 2017 (Act) amends the Australian Privacy Act 1988 to bring Australia in line with other countries’ mandatory data breach laws. Although the Privacy Amendment (Notifiable Data Breaches) Act of 2017 was passed in February 2017, notification requirements will not go into effect until February 22, 2018. While not as extensive as the European Union’s General Data Protection Regulation (GDPR), the level of collaboration and preparation needed to address the new rules means organizations need to start planning for compliance now.

Who must comply

The Notifiable Data Breach (NDB) Scheme applies to the following entities under the Privacy Act:

  • Australian, ACT and Norfolk Island public sector agencies;
  • Private sector organisations (inside & outside Australia) with an annual turnover over $3 million;
  • Health service providers; and
  • Some small businesses and non-government organizations.

How to prepare for NDB

Not all data breaches require notification; if certain data security measures have been put in place, breach notification may not be necessary. The surest way to avoid the NDB notification obligation is to ensure that any breach of customer information does not result in the risk of harm. When appropriate security controls, such as data encryption and centralized key management, are deployed within an organization and customer data is kept safe in the face of a breach, organizations are not required to notify customers.

How to apply robust data encryption and key management for NDB

To address the Privacy Act’s compliance requirements, organizations may need to employ one or more encryption methods in either their on-premises or cloud environments, to protect the following:

Strong Key Management is necessary to protect encrypted data, so that in the event of a data breach the encrypted data is safe because the encryption keys are secured.

Organizations will also need a way to verify the legitimacy of user identities and digital transactions, and to prove compliance. It is critical that the security controls in place be demonstrable and auditable.

Gemalto offers the only complete data protection portfolio that works together to provide persistent protection and management of sensitive data, which can be mapped to the Privacy Act’s framework.

Download Gemalto’s Australia Privacy Act 2017 eBook to better understand the mandate and how Gemalto can help you comply with its requirements.

Getting Ready for Australia's Privacy Act

Getting ready for Australia’s Privacy Amendment (Notifiable Data Breaches) and Applying Appropriate Security Controls—Webinar

Join Information Legal and Gemalto on this on-demand webinar to find out more about:

  • The local and global government data privacy regulations (Australia and Europe)
  • Gauging the true cost of a data breach and how to reduce the scope of risk
  • Understanding privacy by design throughout business
  • Strategies for simplifying operations for regulation and internal audits
  • Determining current industry compliance, which may be applicable to the NDB and GDPR

Are you Ready for Australia's Privacy Act? A Gemalto Case Study

Join us for part two of our webinar series focused on helping companies prepare for the upcoming Australian Privacy Act and global government regulations, like the European General Data Protection Regulation (GDPR).

Are you ready for NDB? Australian Notifiable Data Breach regulation has started.

The Notifiable Data Breaches (NDB) scheme was established through the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017. NDB introduced an obligation on organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches.


Getting Ready for EU Compliance: General Data Protection Regulation (GDPR)

Getting started with GDPR, Privacy and Applying Appropriate Security Controls - Webinar

Join (ISC)² and Gemalto in this on-demand webinar to find out what you should know about the new General Data Protection Regulation: background, what is changing, penalties for getting it wrong, security implications, and more.


Prepare for GDPR

From the physical and virtual data center to the cloud, Gemalto helps organizations remain protected, compliant, and in control. Gemalto encryption and cryptographic key management products enable organizations to secure sensitive data in databases, applications, storage systems, virtualized platforms, and cloud environments.
