This update provides an overview of the Australian Prudential Regulation Authority's (APRA) draft Prudential Standard CPS 230: Operational Risk Management (CPS 230) and its potential implications for data protection obligations for APRA-regulated entities, especially in regard to the use of third or fourth-party service providers who may not themselves otherwise be regulated by APRA. It also provides information regarding the projected timeline for the finalisation and implementation of CPS 230.
The full text of this resource is available by logging in or by requesting a trial. If you have any questions, please contact us or your Practical Law Account Executive.