Reading time: 4 minutes

When thinking about starting a new business, you will need to consider your privacy obligations. These obligations will vary depending on the: 

  • size of your business;
  • types of data you handle;
  • category of goods or services you sell; and
  • countries that you operate in.

In this article, we examine the life cycle of your business’s privacy obligations and discuss why it is important to think about privacy from the very beginning.

Which Privacy Laws Apply?

The Privacy Act contains the rules with which businesses must comply regarding the handling of personal information. Within the Privacy Act are the Australian Privacy Principles (APPs). These principles apply to:

  • small businesses with an annual turnover of more than $3 million;
  • health service providers;
  • businesses which disclose or trade personal information;
  • service providers under Commonwealth contracts; and
  • credit reporting bodies.

If your business fits into one of these categories, you will be known as an APP entity. APP entities must comply with the APPs. These principles set standards for privacy protection of personal and sensitive information.

Privacy Obligations for Startups

Establishing sound privacy practices from the beginning of your business will set a good foundation for compliance down the track. Even if you have few privacy obligations at the start, this may change as you grow, so you need to be prepared. Establishing good privacy practices also has commercial benefits, including: 

  • impressing potential investors; and 
  • boosting confidence in customers.

Good privacy practices include both internal processes and customer-facing processes. 

Internal Processes

As an employer, you will need to collect data on your employees’ personal information, including:

  • contact details;
  • bank details and tax file numbers;
  • employment and education background; and
  • health details.

An internal privacy manual should set out: 

  • what you use this information for;
  • where it is stored;
  • any situations where you may need to pass it on to third parties, including to Fair Work or other government agencies; and 
  • the process employees should follow to make a query about their privacy. 

Customer-Facing processes 

Regardless of whether you are an APP entity or not, having a clear and up-to-date privacy policy is recommended. 

It is best practice to have a privacy policy if:

  • your business collects personal or sensitive information from consumers;
  • consumers can subscribe to mailing lists through your website; or
  • you sell online.

Your privacy policy must outline what types of personal information you collect and how, exactly, you handle that information.

Your business may not be an APP entity at the start, but you can register to opt into the Privacy Act through the Office of the Australian Information Commissioner (OAIC). Compliance can be straightforward and inexpensive to manage, and by opting in, you will instil confidence in consumers by showing that you take their privacy seriously. 

Small to Medium Businesses

When your business’s revenue increases, you might become an APP entity and will need to comply with the Privacy Act.

When your business grows, you may choose to provide employees with devices like mobile phones and laptops. If someone loses a device, they may also be losing sensitive information. Therefore, your privacy manual should set out what will happen in circumstances where devices might go lost.

You should appoint someone within your business to be the privacy officer. The privacy officer will be responsible for privacy issues within the business, and you will need to contact them if there is a breach. 

If your business is an APP entity, you will also fall under the Notifiable Data Breaches Scheme. Here, there are specific steps you will need to take if a data breach occurs. 

Overseas Privacy Obligations

If you are considering expanding your business to Europe, you may do so by remaining within Australia, but sell to European businesses and consumers.

If so, you will need to comply with the European Union’s (EU) General Data Protection Regulation (GDPR). GDPR compliance is imperative, and you could face fines of up to €20 million or 4% of your annual turnover if you do not follow these principles.

Key Takeaways

Regardless of what stage you are up to in your business’s life cycle, you must comply with the relevant privacy laws. Establishing good practices from the start will set you up for compliance as you grow. Good practices will also limit the risk of fines for breaching privacy laws. If you would like to know more about your privacy obligations, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page. 


How Franchisors Can Avoid Misleading and Deceptive Conduct

Wednesday 18 May | 11:00 - 11:45am

Ensure your franchise is not accused of misleading and deceptive conduct. Register for our free webinar today.
Register Now

New Kid on the Blockchain: Understanding the Proposed Laws for Crypto, NFT and Blockchain Projects

Wednesday 25 May | 10:00 - 10:45am

If you operate in the crypto space, ensure you understand the Federal Government’s proposed licensing and regulation changes. Register today for our free webinar.
Register Now

How to Expand Your Business Into a Franchise

Thursday 26 May | 11:00 - 11:45am

Drive rapid growth in your business by turning it into a franchise. To learn how, join our free webinar. Register today.
Register Now

Day in Court: What Happens When Your Business Goes to Court

Thursday 2 June | 11:00 - 11:45am

If your business is going to court, then you need to understand the process. Our free webinar will explain.
Register Now

How to Manage a Construction Dispute

Thursday 9 June | 11:00 - 11:45am

Protect your construction firm from disputes. To understand how, join our free webinar.
Register Now

Startup Financing: Venture Debt 101

Thursday 23 June | 11:00 - 11:45am

Learn how venture debt can help take your startup to the next level. Register for our free webinar today.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer