GlobalOS

Tax & Regulatory // Australia

Entity type: Proprietary Limited (Pty Ltd)

Medium Complexity

Core Compliance

Corporate Tax: 25–30%
Base rate 30%; small business entity rate 25% (under A$50M turnover).

GST: 10%
Mandatory above A$75K annual AU turnover. Quarterly BAS lodgement required.

Privacy Penalty: Up to A$50M
Privacy Act 1988 penalties post-2022 amendment — significant for data breaches.

Regulatory Vectors

Privacy Act Compliance // REQUIRED // watch

The Australian Privacy Principles (APPs) apply to businesses with over A$3M turnover or that handle health records. Data breach notification is mandatory under the NDB scheme.

APRA Oversight (if fintech/banking-adjacent) // CONDITIONAL // watch

APRA regulates banks, insurers, and superannuation. Selling to APRA-regulated entities requires your product to pass their third-party risk management assessments.

Fair Work Act (if HR/payroll product) // CONDITIONAL // urgent

Any HR, payroll, or workforce management product must implement AU Fair Work Act compliance correctly. Non-compliance is a hard disqualifier.

Data Residency // SECTOR-SPECIFIC // watch

Government and defence require AU data sovereignty. Regulated financial and health sectors face increasing data localisation pressure. The private sector is generally flexible.

Key Legislation

Privacy Act 1988 (amended 2022)

Governs privacy rights and data handling. The mandatory Notifiable Data Breaches (NDB) scheme applies.

Fair Work Act 2009

Employment conditions, minimum entitlements, and unfair dismissal provisions.

Consumer Data Right (CDR)

Open banking and data portability framework. Relevant for fintech and data aggregation products.

Entry Recommendation

Register a Pty Ltd, obtain an ABN and ACN, and register for GST. Engage a local AU accountant from day one. Privacy Act compliance is achievable with standard legal documentation.

Regulatory Flashpoints — Evidence Base

Primary regulatory flashpoint
confidence 40

Privacy Act handling of personal data and consent controls.

Needs human review