GDPR: Is Australia Ready?
Steve Ingram of PwC Says Readiness Varies, But It's Not Too Late to Start
Australia's stance ahead of the EU beginning to enforce its General Data Protection Regulation on May 25 is like "bookends," says Steve Ingram, the Asia Pacific cyber lead for PwC.
"We have some organizations that are absolutely locked and loaded and ready to go, but for many organizations, there's still room for improvement," Ingram says in an interview with Information Security Media Group. "I think the important message is: If you haven't started yet, it's not too late, but it is too late to beg forgiveness. So you need to get cracking with it soon."
GDPR imposes one of the strictest data protection regimes in the world. Organizations are required to report breaches within 72 hours, and penalties per infraction can be up to 20 million euros or 4 percent of annual global turnover.
For Australian businesses, the challenge is also ensuring that third parties that are processing Europeans' data are on board and ready, Ingram says.
"It's more than just the scope of commerce with Europe," Ingram says. "It's the footprint of your business, or the footprint of the data in your business."
In the interview, Ingram discusses:
- How the market will not judge an organization on whether it has a breach, but rather on how it deals with a breach;
- Why the key to GDPR compliance is understanding an organization's data footprint and where information is held and used;
- Why in the wake of scandals such as Facebook and Cambridge Analytica, compliance is emerging as a competitive advantage.
Ingram, who has been a partner with PwC in Australia for 13 years, leads a team of more than 200 that focuses on IT security, risk and forensics. He has previously held positions dealing with fraud detection and prevention with Commonwealth Bank and Arthur Andersen.