Overview: Complying with both the Privacy Act and the GDPR

Preliminary questions to consider

Many Australian businesses may find themselves in the situation of having to comply with two privacy regimes — under our own Privacy Act 1988 (Cth) (Privacy Act) and under the GDPR.

This subtopic is designed to assist businesses caught by both regimes to understand how they compare, as a first step in the journey of putting the necessary compliance measures, policies and processes in place.

In this subtopic you will learn:

  • preliminary questions to consider;
  • comparing the Privacy Act and the GDPR;
  • unique aspects of the GDPR; and
  • practical issues to consider when complying with both the Privacy Act 1988 (Cth) and the GDPR, with the help of our practical comparison table.

As each organisation’s size, scale, resources, budget and operational requirements are different, it is beyond the scope of this subtopic to provide definitive and detailed guidance on a compliance program that will satisfy the requirements of both regimes. In any case, for the reasons noted, it is not possible to provide such advice in the form of “template” or “generic” documentation.

What this subtopic does aim to do, however, is to highlight key similarities and differences between the two regimes, to assist the reader in designing or commissioning the design of a suitable compliance regime and associated documentation.