Skip to main content

Q3 - How does the government decide if a Fiduciary should be classified as a Significant Data Fiduciary (SDF)?

The Central Government may notify a Fiduciary as an SDF based on specific factors:

  • The volume and sensitivity of the data it processes.
  • The risk of harm to Data Principals if something goes wrong.
  • The potential impact on sovereignty, integrity, or national security.
  • The likelihood of influencing electoral democracy or public order.
Example

A social media platform like ABC Connect processing millions of user profiles, private messages, and facial images is highly likely to be declared an SDF.

A local retail chain processing a few thousand loyalty card details will not qualify.

This approach ensures regulation is risk-based: bigger impact = stricter obligations.