Australia · Privacy (APPs)

Privacy Act compliance for Australian organisations, in one platform

AccessPoint runs the Australian Privacy Principles end to end — APP 12 access and APP 13 correction, Privacy Impact Assessments, and the Notifiable Data Breaches scheme — pre-configured for Australia and running inside your own Microsoft 365 tenant.

Australia — Privacy (APPs) at a glance

Access requests
APP 12 — give access within a reasonable period
Correction
APP 13 — correct on request, at no charge
Charges
No charge to make a request; any access charge must not be excessive
Data breaches
Notifiable Data Breaches — assess within 30 days; notify the OAIC and affected individuals
Oversight
Office of the Australian Information Commissioner — determinations and civil penalties
Languages
English

Built for Australia — Privacy (APPs)

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

APP access and correction

Handle APP 12 access and APP 13 correction requests on one intake — verify the requester, apply the exceptions, and respond within the reasonable period the Principles require — with a defensible, audit-trailed record on Microsoft 365.

Privacy Impact Assessments

Run PIAs, not just fill them in — a guided questionnaire engine with preliminary screeners, section delegation to experts, an embedded risk register, and a regulator-ready summary export.

Notifiable Data Breaches

Log a suspected eligible data breach, run the 30-day assessment against the likely-serious-harm test, and get a live checklist of the statement to the OAIC and notice to affected individuals as soon as practicable.

Records of processing

Attach every assessment to a durable record of the program or system it covers — purpose, personal-information categories, disclosures, retention, and safeguards — and keep your processing inventory current and exportable.

Complaints and OAIC determinations

Track privacy complaints and OAIC investigations with their own clocks, an investigation workspace, and a guided path from representations to a determination or enforceable undertaking.

In your own tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

The 2024 privacy reforms

The Privacy Act is being rewritten. AccessPoint keeps you ahead of it.

The Privacy and Other Legislation Amendment Act 2024 began the largest overhaul of Australian privacy law in a generation, and more tranches are coming. A statutory tort for serious invasions of privacy is already in force, the OAIC's civil-penalty and compliance powers are stronger and tiered, and from December 2026 organisations must disclose the automated decisions that significantly affect people. AccessPoint operates data-subject requests, Privacy Impact Assessments, automated-decision assessments, breach notification, and your privacy risk register on one platform, in your own tenant — so as the obligations grow, the system grows with them.

Impact assessments PIAs and automated-decision assessments on one governed engine.
Breach notification The NDB 30-day assessment and OAIC notice, computed for you.
Risk register An ISO 31000 privacy risk register across your whole program.

Configured out of the box

Installing the au-privacy configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The Privacy Act 1988 and the 13 Australian Privacy Principles as the spine
  • Australian public-holiday calendar and response-time rules
  • APP 12 access and APP 13 correction request types with their exceptions
  • Privacy Impact Assessment templates with screeners and a risk register
  • Records-of-processing fields for your personal-information inventory
  • Notifiable Data Breaches assessment and notification rules
  • OAIC complaint grounds and dispositions
  • Privacy correspondence and notification templates

Australia — Privacy (APPs) Questions

Who does the Privacy Act 1988 apply to?

It binds 'APP entities' — Australian Government agencies and private-sector organisations. Most businesses with annual turnover above $3 million are covered, along with health-service providers, credit reporting bodies, and others regardless of size. AccessPoint's Australian privacy pack is configured for private-sector organisations meeting the Australian Privacy Principles.

Does it run the Notifiable Data Breaches scheme?

Yes. Log a suspected eligible data breach and AccessPoint runs the assessment on the scheme's 30-day clock against the likely-serious-harm test, then produces a live checklist of what is required — a statement to the OAIC and notification to affected individuals as soon as practicable — with a full audit trail.

Can it handle Privacy Impact Assessments?

Yes. AccessPoint's assessment engine runs PIAs end to end — preliminary screeners, a typed questionnaire, section delegation to subject-matter experts, an embedded risk register, review, and a regulator-ready summary export — and the same engine assesses automated decision-making systems as the 2024 reforms phase in.

Where does our data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, assessments, incidents, and audit history never leave your control — no third-party cloud, no vendor access, and no cross-border data transfers.

Run Privacy Act Compliance in One Platform

Try AccessPoint free for 30 days, pre-configured for Australia. No credit card required.

Start Free Trial