Robbie Cronin
ASD Cyber Security Partner · AISA Member

Privacy Act compliance before July 2026.
From $6K.

The Privacy Act small business exemption is narrowing. From 1 July 2026, businesses that were previously exempt will need privacy policies, data breach processes, and NDB scheme compliance. Get a gap analysis now, not when the deadline hits.

Small business exemption narrows: July 1, 2026

Guarantee: Under 3 critical gaps found? You don't pay.

Sound familiar?

The exemption is ending

Businesses under $3M turnover that handle personal information are coming under the Privacy Act from July 2026. If you collect customer data, employee records, or health information, you're likely affected.

Penalties are serious

Maximum penalties under the Privacy Act are now the greater of $50 million, three times the benefit obtained, or 30% of domestic turnover. Individuals face maximum penalties of $420,000.

Data breach notification is mandatory

The Notifiable Data Breaches scheme requires you to notify the OAIC and affected individuals within 30 days of a breach likely to cause serious harm. You need a response plan before a breach happens, not after.

Not sure where your gaps are?

Free 3-minute scorecard. Covers Privacy Act essentials including APPs and NDB readiness.

Take the scorecard

// what you get

Privacy Act Compliance Assessment

APPs, NDB scheme, and data handling reviewed together. One engagement, one report, one person accountable. Written so your leadership team can actually read it.

Privacy Act compliance gap analysis
Data flow mapping and personal information audit
Privacy policy review or creation
Notifiable Data Breach response plan
Australian Privacy Principles (APP) assessment
Board-ready compliance report with remediation roadmap

Included if relevant to your business:

Essential Eight baseline assessment
Cyber insurance readiness review
Automated decision-making transparency assessment (Dec 2026 deadline)

Typical Big 4 engagement

$30,000+

Your price

$6K-$8K

Delivered in 1-2 weeks. Not 6-8.

Under 3 critical gaps found? You don't pay.

Zero risk. I've never had to honour this.

// how it works

Three steps. No surprises.

01

Free scorecard

2 minutes. See where your business stands on Privacy Act basics. No email needed.

Take the scorecard

02

Deep assessment

1-2 weeks, fixed price. I review your data handling, privacy policies, and breach readiness against all 13 APPs.

03

Compliance report

Gap analysis with prioritised remediation plan. Written for your leadership team, not just your IT department.

// who this is for

If you handle personal information, this is for you.

Newly regulated businesses

You're under $3M turnover and haven't had to think about the Privacy Act before. July 2026 changes that.

Health service providers

You handle patient data. You're already covered by the Privacy Act but may not be compliant. The penalties have increased significantly.

Businesses handling employee data

Employee records are personal information under the Privacy Act. If you're collecting tax file numbers, health records, or sensitive information, you need to comply.

Online businesses

If you collect customer data through your website, app, or online services, the Privacy Act applies. This includes analytics, marketing data, and customer accounts.

// why me and not a consultancy

Robbie Cronin

One engineer. Not a sales team.

I'm a senior software engineer with 10+ years in platform infrastructure. CNCF maintainer. ASD Cyber Security Partner. I do the assessment myself. No juniors, no handoffs, no 200-page report written by a graduate who's never seen production code.

You talk to me, I do the work, I write the report. That's why it costs $6K instead of $30K.

Ex-Big Tech · CNCF Maintainer · ASD Partner · Melbourne

// questions

Common questions

Does the Privacy Act apply to my business?

If you handle personal information and your turnover is over $3M (or will be from July 2026 for businesses under $3M), yes. Health service providers, businesses that trade in personal information, and government contractors are already covered regardless of turnover.

What are the Australian Privacy Principles?

The 13 APPs govern how organisations collect, use, store, and disclose personal information. They cover everything from transparency and anonymity to cross-border disclosure and data quality.

What's the NDB scheme?

The Notifiable Data Breaches scheme requires you to notify the OAIC and affected individuals when a data breach is likely to result in serious harm. You have 30 days to assess and 72 hours to report if notifiable.

How is this different from a Big 4 engagement?

Three ways. First, I do the work myself. No juniors, no handoffs. You get a senior engineer with 10+ years' experience, not a team where the partner shows up for the pitch and a graduate does the assessment. Second, it costs $6-8K instead of $30K+. Third, it takes 1-2 weeks instead of 6-8. Same rigour, less overhead.

What about automated decision-making?

From December 2026, businesses using automated systems to make decisions that significantly affect individuals must provide transparency about how those decisions are made. The gap analysis covers this if relevant to your business.

July 2026 is closer than you think.

Start with the free scorecard. Or book a scoping call and I'll walk through what the Privacy Act changes mean for your business.

Taking on 2-3 Privacy Act assessments per month. First in, first served.