GDPR, the NIS directive, the Australian Privacy Policy and SMEs – how big is the impact?

Do you understand the universal implications of the EU’s GDPR (General Data Protection Regulation) and the new Australian Privacy Policy?

If you have been following the introduction of these regulations then you know.

You would realise how big an issue this is going to be. You would also realise that you may not have the time, money or expertise to implement a protection plan.

You may know but you may have thought it has nothing to do with you or your organisation.

You would be wrong.

These regulations are going to have a profound effect on businesses and organisations all over Australia, and not just in the European Union and Australia but all over the world.

Strict protection and compliance is the name of the game, but for most of the SMEs in Australia, where “she’ll be right” is the foremost thought when it comes to compliance, there are going to be some serious issues.

The regulations ensure that all EU personal data collected by an organisation is to have the same governance and compliance around it as if it were managed by an EU organisation.

“But I am not in the EU,” you say.

The regulations apply to any citizen of the EU in your database.

With the internet making every organisation global, how do you stop it from happening to you?

You could geofence your web site, but there are always ways to get around it if someone wants to purchase your product.

This is a major issue.

The impact – get hacked, pay huge fine, go out of business!

The GDPR and the Australian Privacy Policy are going to ensure that you can significantly damage your organisation if you do not put something in place to comply with the regulations.

I have been harping on about compliance and business security for the last 13 years.

This is what you need.

Get a framework!

Any framework will do but I recommend NIST.

NIST, compliance and business frameworks are not easy to implement, manage and control but they have to be done to protect every organisation from a cyber event.

Some of the questions you need to ask are:

  • Who do I know who can help with a framework?
  • How much will compliance cost?
  • How much would a breach cost?
  • How complex is the job of implementation?
  • What risks do we have to mitigate, remove or remediate?
  • What do we have to do to comply with GDPR and the Australian Privacy Policy?

What answers did you get?

For your next step, talk to me.


Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.

He is the winner of the worldwide 2018 Cybersecurity Educator of the Year award and was runner-up in 2017.

He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercrime, Cybersecurity and the hacking techniques used by the digital criminal.

He is an Amazon #1 selling author on Cybercrime with his best-selling book, Cybercrime a clear and present danger, going to number one on Amazon.

He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox, which is given away for free at the BSI. He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.