Our Privacy Act & Notifiable Data Breaches (NDB) Compliance Service supports organisations in meeting their obligations under the Privacy Act 1988 and the Australian Privacy Principles (APPs). The service is designed to help Boards and executive management gain assurance that personal information is handled lawfully, securely, and in a manner that withstands regulatory and stakeholder scrutiny.
We assess privacy governance arrangements, personal information handling practices, and supporting security controls to identify compliance gaps, material privacy risks, and areas requiring uplift. Our approach is practical, risk-based, and audit-led, focusing on defensible compliance rather than policy documentation alone.
A core focus of the service is APP 11 - Security of Personal Information, including the effectiveness of technical and organisational measures used to protect personal data from misuse, interference, loss, unauthorised access, modification, or disclosure. We also assess breach preparedness and incident response capability to ensure organisations can identify, assess, and respond to eligible data breaches in accordance with the Notifiable Data Breaches (NDB) scheme.
We help organisations establish clear and effective privacy policies, procedures, decision frameworks, and reporting mechanisms, enabling timely escalation, accurate breach assessment, and appropriate notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals when required. This supports executive accountability and informed decision-making during high-pressure incidents. The engagement includes a current-state assessment, followed by a prioritised implementation roadmap aligned to risk exposure and regulatory expectations.
Where required, we provide advisory support for control uplift, staff awareness training, and process improvement. Quarterly maturity reviews can be conducted to maintain visibility of privacy risk and ongoing compliance. All activities are aligned with ISO/IEC 27001, supporting integration into an existing or developing Information Security Management System (ISMS).
Key Deliverable: Reduced privacy risk and defensible Privacy Act and NDB compliance, supported by clear evidence, practical remediation actions, and Board-ready assurance reporting.