Home topics news Credits: pexels News News From GDPR to privacy act: What businesses can learn Yajush Gupta January 15, 2025 Australian businesses must place consumer privacy and information security at the core of their 2025 data strategies or face new legal risks in addition to potential operational and reputational damage. The first tranche of long-expected reforms to Australia’s Privacy Act, the Privacy and Other Legislation Amendment Act 2024 , was legislated in late 2024 and will apply to all businesses with an annual turnover above $3 million. Dr. Ian Tho, RSM Australia Partner and one of the country’s leading data analytics experts, emphasized the importance of these changes for all businesses, regardless of size. “The initial amendment introduces a raft of changes to empower individuals, including a statutory tort that will provide a legal avenue to pursue compensation for privacy-based damage or loss against an organization or individual,” Dr. Tho said. “While lower-earning businesses have been excluded from the updated legislation for now, this may not be the case for future reform tranches, of which at least one more is expected. In the meantime, the increased consumer powers and any resulting legal action will put pressure on businesses of all sizes and sectors to lift their data security standards. “Even businesses that are not legally required to comply will likely experience increased consumer scrutiny, and those that don’t demonstrate respect for personal data autonomy, dignity, and security could face customer distrust or rejection.” Global context and consumer expectations The