Be ready for changes to Australia’s Privacy Law with a Privacy Impact Assessment

In 2024, the Federal Government will legislate to change Australia’s Privacy Act to bring the law into the digital age. These reforms will strengthen consumer privacy rights and establish a more robust framework for data management and security. These changes will affect every single Australian organisation (including Small Businesses).

If you’re not across how your data is managed, stored, handled and destroyed, you need a Privacy Impact Assessment now to ensure your organisation is prepared for these changes.

Why are the Privacy Laws changing?

Australia has lagged behind most countries with the protection of privacy data. Recent large scale data breaches (like Optus and Medibank) have impacted millions of Australians' personal details.

The 2023 survey results on Australia's attitude to privacy by the Office of the Australian Information Commissioner (OAIC) revealed just how significant a concern privacy is.


Australians want the government to legislate to protect privacy more


of Aussies want to be able to seek compensation in court for privacy breaches


of Australians see protection of their personal information as a major concern in life


Privacy is the third most important factor to Aussies when selecting a product (only behind quality & price)

Get ahead with our free personalised workshop or virtual presentation

Contact us today

Act early to mitigate costs

To draw a parallel with the GDPR privacy laws in the EU, eighty eight percent of global companies said GDPR compliance alone costs their organization more than $1 million annually, while 40% spend more than $10 million.

For most Australian organisations becoming compliant is likely to be a significant, multi-year project. Changes to Australia's Privacy Laws will impact your HR, Payroll, Marketing, Sales, IT and Security departments.

Act early to mitigate risks

Failure to comply with GDPR resulted in significant fines, from smaller ones like €4,800 penalty for an unlawful CCTV system, to the hefty €50 million fine to Google for processing personal data without receiving valid consent from users.

In Australia, the current penalty for serious privacy breaches is $50 million or 30% of an organisation’s domestic turnover. It's likely these fines will increase with new legislation as will the Office of the Australian Information Commissioner's power to enforce them.

Act early to ensure compliance

So, if there’s something to learn from the impact of GDPR compliance, it’s not whether Australian businesses should pay attention to these changes, but how quickly can you get prepared for this overhaul to your data systems and digital marketing.

The reality is stricter privacy laws are coming, most organisations are not ready and it will pay to get ahead of the changes early.

AFR: Understanding unsexy law reform could turn you into a business superstar

In Australia, the current penalty for serious privacy breaches is $50 million or 30% of an organisation’s domestic turnover. It's likely these fines will increase with new legislation.

Mumbrella: The winners and losers of Australia’s new privacy laws

Revium Queensland Director, Rebecca White, explains who will end up the winners and losers of Australia's new privacy laws, following a new privacy report released by the Federal Government.

Companies, and particularly digital marketers, have become addicted to the vast amounts of data they can derive on citizens, and will struggle with new privacy laws.

Privacy laws are a win for the public, but a threat to bottom lines

While greater privacy presents as good news for the public, for business and particularly for the digital industry, it will bring a lot of heartache, cost and complexity.

Who needs to be prepared?

Every Australian Business. Even if your organisation has strong data privacy policies, processes and infrastructure established, getting up to speed is likely to be a major, multi-year project.

These changes will have significant impact across your systems, processes and people, requiring a coordinated approach from every department in your organisation including:

  • IT and Security Teams

  • Operations and HR

  • Sales and Marketing

  • Payroll and Financial

How to be prepared

Revium has a structured approach to assist organisations in preparing for the upcoming changes to Australia's Privacy Laws.
Our offerings include free virtual presentations and/or face-to-face workshops designed to guide you in preparing for the changes in Australia's Privacy Law. Throughout these sessions, we empower you and your team with essential background information on Australia's privacy laws, delve into the growing public demand for more stringent privacy policies, and outline the key pillars that will be most affected by the upcoming laws.

Step 1: Threshold Assessment

Following the educational phase, we transition to a Privacy Law Preparedness Assessment. This is an initial, high-level evaluation aimed at providing insight into your organisation's readiness for the impending privacy law reforms.

The assessment comprises:

  • A survey to be completed by relevant stakeholders

  • Workshops with key stakeholders

  • Scoring against six data categories

  • A Threshold Assessment Report

By the end of this assessment, you'll gain clarity on the magnitude of the required efforts and a comprehensive understanding of areas of risk pertaining to both current and future state laws.

Step 2: Audit & Report

Based on the Threshold Assessment, we will deep dive into all the PII interactions in your organisation. The inclusions of this step will be bespoke and tailored to your organsiations specific needs. Possible actions could include:

  • Systems Review​

  • Contract Review​

  • Policy and Procedure Review (incl. Data breach processes and tools review)​

  • Existing security Mechanisms Review​

  • Marketing Processes Review​

  • Employee data consent review​

  • Detailed data map development including - what data you have, where it’s stored, how it’s managed, who has access, where it can move to/from, what triggers movement, destruction process, etc.​

  • Delivery of a full Pii Assessment Report (including data map) with next step recommendations

At the conclusion of this step, you will have a comprehensive view of your current PII data systems, processes and handling, plus areas that require remediation to comply with the upcoming changes to legislation.

Want to learn more?

Getting ready for these changes will be multi-year process for most organisations. It could require changes to many of your foundational technology systems as well as a complete rethink of your digital marketing strategy​. It’s important to start now and spread the effort and cost across the next 18 months.

Started with our free workshop or virtual presentation.

Contact us today