Privacy & Data Compliance
Australian businesses face increasing obligations around how they collect, use, store and disclose personal information. We help you understand your obligations and build compliant data handling practices from the ground up.
The regulatory landscape
The Privacy Act 1988 and the Australian Privacy Principles (APPs) set the baseline for how personal information must be handled in Australia. But the practical requirements - particularly for businesses operating online, collecting customer data at scale or working across multiple jurisdictions - go well beyond a boilerplate privacy policy.
Recent reforms have significantly increased the consequences of getting it wrong. Serious breaches can now attract penalties of up to $50 million, three times the benefit obtained or 30% of domestic turnover - whichever is greatest. The 2024 reforms also introduced a statutory tort for serious invasions of privacy, giving individuals a direct right of action.
Key legislation: Privacy Act 1988 (Cth), Australian Privacy Principles, Notifiable Data Breaches scheme, Privacy and Other Legislation Amendment Act 2024, Cyber Security Act 2024 and relevant state legislation including the Information Privacy Act 2009 (QLD).
How we help
Privacy Compliance
- Privacy Act compliance assessments and gap analyses
- Data mapping and information flow analysis
- Privacy impact assessments (PIAs)
- Compliance program development and implementation
- Ongoing compliance monitoring and support
Policies & Documentation
- Privacy policies - external and internal
- Collection notices and consent frameworks
- Data processing agreements
- Cookie and tracking policies
- Data retention and destruction policies
Data Breach Response
- Notifiable Data Breach (NDB) scheme compliance
- Incident response planning and breach playbooks
- Breach assessment within the 30-day statutory window
- OAIC notification and affected individual communications
- Ransomware payment reporting (72 hours under Cyber Security Act)
Cross-Border & International
- APP 8 compliance for overseas data transfers
- GDPR crossover for businesses with EU exposure
- Multi-jurisdictional data storage considerations
- Data sovereignty advice
- Third-party processor due diligence
Practical privacy for growing businesses
Most of our privacy work isn't about responding to regulatory investigations - it's about helping businesses get it right before a problem arises. Common areas where we help include:
eCommerce and digital businesses
Collecting customer data through websites, apps and digital platforms creates specific obligations - around consent, cookie tracking, payment data, marketing communications and third-party platform integrations. We help businesses design compliant data practices from the outset and adapt them as the business scales.
Businesses handling customer data at scale
CRM systems, analytics platforms, loyalty programs and marketing automation tools all involve processing personal information. We advise on the privacy implications of your technology stack and ensure your data processing agreements with third-party providers are adequate.
Businesses working with third-party platforms
If you sell through marketplaces, use third-party logistics or integrate with payment processors, you're sharing customer data across multiple parties. We ensure your contractual arrangements address data handling obligations and that responsibilities are clearly allocated.
Privacy by design: The most cost-effective approach to privacy compliance is building it into your systems and processes from the start - not retrofitting it after a breach or regulatory inquiry forces the issue. We work with businesses to embed privacy considerations into product development, procurement and operational decisions.
Regulatory response
If you receive a complaint, an inquiry from the Office of the Australian Information Commissioner (OAIC) or are managing the aftermath of a data breach, we provide:
- Guidance on regulatory response strategy and obligations
- Preparation of OAIC notifications and responses
- Coordination of breach response - forensic investigation, stakeholder communications and remediation
- Complaints handling procedures and training
- Representation in regulatory proceedings
Ready to discuss your needs?
We'd like to understand your business and how we can help. Get in touch for an initial conversation.