AI That Works for Heavy Industry logo
← Back to the map

Who Must Comply · Privacy Act stream

Any APP entity

Updated 30 Sept 2025

An 'APP entity' is any organisation bound by the Australian Privacy Principles — essentially most medium and large businesses, plus all Commonwealth agencies and certain small businesses caught by sector-specific rules.

Key obligations

  • Comply with all 13 Australian Privacy Principles.
  • Maintain an APP 1 privacy policy and keep it current with the new ADM disclosures.
  • Respond to access and correction requests.
  • Notify eligible data breaches.

Key dates

  • 10 Dec 2026ADM transparency obligations apply to all APP entities.

Who is affected

  • Businesses with annual turnover > A$3M.
  • Health service providers, credit reporters, contracted Commonwealth service providers — regardless of size.
  • All Commonwealth agencies.

Source documents

Information is general in nature and not legal advice. Always confirm with the source documents and your own legal counsel.