What The Privacy Act 2024 Reforms Mean For Your Business

Australia’s Privacy Act has undergone its most significant reforms in decades. The changes introduce stronger individual rights, expanded obligations for organisations, and substantially higher penalties for serious breaches, up to $50 million per incident.

What’s Changed

  • Higher penalties: Fines now reach $50M, or 3x the benefit obtained, or 30% of adjusted turnover
  • Stronger individual rights: Australians can now request erasure of their data in more circumstances
  • Expanded breach obligations: The mandatory data breach notification threshold has been clarified and tightened
  • Direct marketing restrictions: Tighter rules around how personal data can be used for marketing purposes
  • Children’s privacy: New protections for the personal data of individuals under 18

What You Should Do Now

The most important thing is not to wait. Many organisations assume compliance is someone else’s problem until a breach or a regulator enquiry makes it very much their own problem.

  • Conduct a data assessment to understand what personal information you hold and where
  • Review your privacy policy and ensure it accurately reflects your current practices
  • Establish or update your data breach response plan
  • Ensure your DSAR process can meet the required response timeframes
  • Train your team on the updated obligations

DPC works with Australian businesses across every sector to translate these obligations into practical, actionable programmes. You don’t need a legal team to get started. You need the right partner.

Need help understanding your Privacy Act obligations? Talk to our team →

Talk To Us

Want help with what you just read?

No obligations, no jargon. Just a straight conversation about where you are and what we can do together.