Australia’s Privacy Act has undergone its most significant reforms in decades. The changes introduce stronger individual rights, expanded obligations for organisations, and substantially higher penalties for serious breaches, up to $50 million per incident.
What’s Changed
- Higher penalties: Fines now reach $50M, or 3x the benefit obtained, or 30% of adjusted turnover
- Stronger individual rights: Australians can now request erasure of their data in more circumstances
- Expanded breach obligations: The mandatory data breach notification threshold has been clarified and tightened
- Direct marketing restrictions: Tighter rules around how personal data can be used for marketing purposes
- Children’s privacy: New protections for the personal data of individuals under 18
What You Should Do Now
The most important thing is not to wait. Many organisations assume compliance is someone else’s problem until a breach or a regulator enquiry makes it very much their own problem.
- Conduct a data assessment to understand what personal information you hold and where
- Review your privacy policy and ensure it accurately reflects your current practices
- Establish or update your data breach response plan
- Ensure your DSAR process can meet the required response timeframes
- Train your team on the updated obligations
DPC works with Australian businesses across every sector to translate these obligations into practical, actionable programmes. You don’t need a legal team to get started. You need the right partner.
Need help understanding your Privacy Act obligations? Talk to our team →
