Data is king in the present day. Many businesses underestimate the amount of personal and sensitive information, or consumer data, they may hold and the various regulations that surround the management of this data through its lifecycle.
Organisations must be considering the ways in which they are collecting, storing, securing, using, sharing, archiving, and destroying this data.
Recent digital advancements have resulted in personal and sensitive information, and consumer data, being readily available around the world. This data can be collected and stored within seconds - via websites, email systems, collaboration platforms and business applications, just to name a few.
It is important for organisations to proactively protect personal and sensitive information and consumer data by continually reviewing the legislative landscape, contractual obligations, and customer expectations to verify their privacy and safeguarding programs. With data privacy laws constantly evolving, it’s paramount for businesses to be vigilant in assuring they are complying with these regulations and appropriately managing data throughout its lifecycle.
Based on RSM’s experience, many organisations are collecting much more data than they need, and are retaining this data indefinitely. Further, many organisations are not compliant with relevant privacy laws and regulations. We understand the complexities related to these regulations and how they can affect your business.
Overview of Services
RSM welcomes the opportunity to meet with you to discuss your organisation’s specific needs. Below is a listing of the standard privacy and data protection services we provide:
- Data Audit and Discovery
RSM can help you understand what types of data you possess, where it resides, how it flows through systems and applications, why it is collected, and how the data is discarded.
- Privacy Gap Assessments
A privacy gap assessment can identify the key areas of non-compliance with laws, rules, and regulations by assessing your existing practices against the requirements. This assessment highlights your privacy compliance efforts and provides key outcomes for uplift and management of privacy risks and compliance. Examples of our privacy gap assessments include assessments against the GDPR Principles, Australian Privacy Principles and Notifiable Data Breach Scheme, Victorian Information Privacy Principles, New Zealand Information Privacy Principles, and other international privacy legislation, such as in the UK and South East Asian countries.
- Policy Governance Review and/or Development
RSM can support the update of your existing privacy and data protection policies and/or development of new policies to meet the requirements of privacy and data protection laws and regulations, including new regulations.
- Data Breach / Security Incident Response Plan Review and/or Development
It is paramount for an organisation to have a response plan which includes the relevant notification requirements for a data breach. New regulations increasingly require prompt data breach notifications, sometimes within as little as 72 hours of a breach being identified. RSM can develop and/or refine a Data Breach / Security Incident Response Plan to meet these requirements.
- Advisory Services
RSM provides advice to help you develop or optimise a Privacy Compliance Framework to protect personal and sensitive information and/or consumer data, including the development of a fit for purpose road map to increase privacy maturity over time.
RSM’s privacy and data protection services offer a breadth of options to best suit your organisation’s needs.
Our team are well-versed in the practices that are necessary to perform assessments, and support compliance with a variety of privacy and data protection regulations such as the EU General Data Protection Regulation (GDPR), Australian Privacy Principles (APP) and the Consumer Data Right (CDR) Rules, among others.
We understand that all organisations are unique. Our approach is to understand your needs and provide you with a fit for purpose solution to understand and comply with privacy and data protection regulations.
Many organisations do not know how to navigate the requirements under various privacy and data protection laws and regulations. There is much more to privacy and data protection than having a Privacy Policy in place. Depending upon the type of information in focus, and the nature of the organisation’s business function, there are many existing and evolving laws and regulations that may be relevant for the organisation to comply with. Some examples of these include the Australian Privacy Act 1988 and Consumer Data Right Rules, or international regulations such as the General Data Protection Regulation (GDPR).
Has your industry been nominated to comply with CDR? The CDR Rules require an organisation seeking accreditation to undergo an ASAE 3150 independent audit of their information security controls to safeguard the privacy of shared CDR data.