Does my business need a Privacy Policy?

Under the Privacy Act 1988 (Cth), you legally must have a compliant Privacy Policy if your annual turnover is over $3 million, OR if you are a health service provider, OR if you buy/sell personal information. However, Google and Apple require all apps/websites to have one regardless of size.

Privacy Policy Requirements Australia: Do I Need One?

Privacy is no longer just “best practice”; it is a hard legal requirement with massive penalties for breaches.

Who Must Comply?

You are an “APP Entity” bound by the Privacy Act 1988 (Cth) if:¹

Turnover: Your annual turnover is > $3 million.
Health Data: You are a health service provider (GP, gym, chiro).
Data Trading: You buy or sell personal information.

What Must Be Included?

Your policy must refrain from “legalese” and clearly explain:

What data you collect (Name, Email, IP address).
How you use it.
Who you share it with (e.g., overseas servers like AWS or MailChimp).
How users can access/correct their data.

Notifiable Data Breaches (NDB)

If you are hacked and data is stolen that is likely to cause “serious harm,” you generally must notify the Privacy Commissioner and the affected individuals. Hiding a hack is illegal.

Get Compliant

Copying a template from a US website is dangerous (US law is different). We draft GDPR and Privacy Act-compliant policies.

Need a policy? Contact us for a fixed fee quote. Call (07) 5532 8777.

Privacy Act 1988 (Cth) s 6C (Organisations). ↩︎

Does my business need a Privacy Policy?

Who Must Comply?

What Must Be Included?

Notifiable Data Breaches (NDB)

Get Compliant

Need Specific Legal Advice?

Enquiry Sent

Who Must Comply?

What Must Be Included?

Notifiable Data Breaches (NDB)

Related Topics

Get Compliant

Need Specific Legal Advice?

Enquiry Sent