How the GDPR, APP and NDB privacy and data security laws affect Australians

The Australian Privacy Principles (APP) and the Notifiable Data Breaches (NDB) scheme apply to Australian organisations with an annual turnover of more than $3 million, plus some smaller organisations in specific categories such as private health service providers and businesses that deal in personal credit information. You may also have heard of the “GDPR,” a similar set of European regulations coming into effect this month that will affect any business that has an establishment in the EU or offers goods or services to individuals located in the EU. These laws define how organisations must collect, handle, use and protect personal information.

In this week’s webchat, 1300 Web Pro Directors James and Brendan explain the Australian Privacy Principles, the Notifiable Data Breaches scheme and the GDPR. Find out whether these laws apply to you and why they are important. Whatever type of business or not-for-profit you run, you should make sure you are up to date with this legislation.


The Australian Privacy Principles (APP) are a set of thirteen rules under the Privacy Act 1988 that many organisations in Australia must comply with.

Examples of what the principles cover include:

  • Open and transparent management of personal information (including a clearly expressed, up-to-date privacy policy)
  • Giving individuals the option of dealing with you anonymously or under a pseudonym where that is practicable
  • When personal information may be used and disclosed, and for what purposes
  • Taking reasonable steps to keep personal information secure, and destroying or de-identifying it once it is no longer needed

You are subject to the APP if:

  • You are a business or not-for-profit organisation with an annual turnover of more than $3 million
  • You are an Australian Government agency
  • You are in specific categories that are covered regardless of turnover, such as private health service providers, credit reporting bodies and businesses that trade in personal information

To read the Australian Privacy Principles in full, and to check whether they apply to you, see the APP guidance published by the Office of the Australian Information Commissioner (OAIC).


The Notifiable Data Breaches (NDB) scheme defines how organisations covered by the Privacy Act must respond when personal information they hold is breached.

A breach is not only a “hacking” event. The scheme covers unauthorised access, unauthorised disclosure and loss of personal information, so something as low-tech as a lost USB stick or a misaddressed email counts. A staff member accessing personal information without a legitimate business need is also unauthorised access and can be a breach under the Act.

When you suspect a breach, you must carry out a reasonable and expeditious assessment (the scheme allows up to 30 days) of whether the breach is likely to result in serious harm to the individuals whose information is involved. If it is, the NDB scheme requires you to notify the affected individuals and to report the breach to the Office of the Australian Information Commissioner as soon as practicable. If you can take remedial action before serious harm is likely, for example by remotely wiping the lost device before anyone could read it, the breach may not be notifiable, but you should document that assessment.

If your business relies on cloud service providers (such as Microsoft Office 365, or even 1300 Web Pro hosting services), you need to consider how a breach at the provider could affect your own compliance with the NDB scheme. Outsourcing the hosting does not outsource the obligation: you still hold the personal information for the purposes of the Act. Where more than one entity holds the same information, a notification by one of them can satisfy the requirement for all, so your contracts should spell out who will notify and how quickly the provider must tell you about an incident. This is probably the most complicating factor.

For more on the Notifiable Data Breaches scheme, see the guidance published by the Office of the Australian Information Commissioner.


You may have heard in the news recently that the European Union’s General Data Protection Regulation (GDPR) takes effect late this month, on 25 May 2018. The GDPR is similar to the Australian Privacy Principles, but with some very important differences.

The GDPR applies to:

  • Any organisation established in the EU, regardless of where the data is actually processed
  • Any business with a presence in the EU (for example, an Australian business with a contractor or salesperson based in the EU)
  • Any business outside the EU that offers goods or services to individuals located in the EU, or monitors their behaviour (this includes eCommerce stores selling into the EU). Note that the test is where the individual is, not their citizenship.

Major differences between the GDPR and the Australian Privacy Principles (APP) are:

  • The GDPR applies to organisations of all sizes, whereas many small businesses are exempt from the APP.
  • The GDPR gives individuals an explicit right to erasure (the “right to be forgotten”), allowing them to ask for their personal data to be deleted, subject to some exceptions such as legal retention requirements.
  • The GDPR is not limited to businesses based in the EU.
  • Breach notification timelines differ: the GDPR requires notification to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, whereas the NDB scheme requires notification “as soon as practicable” once a breach is assessed as likely to result in serious harm.

It is a common misconception that the GDPR will not affect Australian businesses. It is important to seek appropriate advice now, rather than finding out that your organisation is subject to the GDPR after it is too late.

Fortunately, the Office of the Australian Information Commissioner has published a comparison between the APP and the GDPR to help your business take a harmonised approach to privacy and data security.

Did you find this information beneficial?

Do you want to speak to someone further? We are happy to share our knowledge. Call us on 1300 932 776
