Privacy Act + APPs — what does my Magento store need to do?
The Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to any business with annual turnover above A$3M, and regardless of turnover to health service providers, credit reporting bodies and businesses that trade in personal information. For a covered Magento store we do the following:
(1) Cookie and tracking disclosure: we wire CookieYes or CookieFirst with AU-specific text. Australian law does not mandate a GDPR-style consent banner, but APP 1 and APP 5 require you to tell visitors what is collected (analytics, ad pixels, session cookies) and why, and the banner is the simplest place to do it.
(2) A privacy policy covering APP 1 (open and transparent management), APP 5 (notification at collection), APP 6 (use and disclosure), APP 12 (access) and APP 13 (correction). APP 5 is the one most stores miss: checkout and account sign-up must state what is collected and who it is shared with (payment gateway, carrier, email platform).
(3) Opt-out flows for marketing email and SMS under the Spam Act 2003: consent before sending, a working unsubscribe in every message, and the unsubscribe honoured within five business days.
(4) Access-request (DSAR) handling: we build an admin tool that exports a customer's data (account, addresses, orders, newsletter status) on request. APP 12 requires a response within a reasonable period; the OAIC treats 30 days as the benchmark, so we build to that deadline.
(5) Notifiable Data Breaches (NDB) scheme: once you become aware of a suspected breach you have up to 30 days to assess whether it is an eligible data breach (one likely to result in serious harm). If it is, you must notify the OAIC and the affected individuals as soon as practicable, not at the end of the 30 days. Both clocks start only when you notice, so we configure logging and monitoring so that a breach can actually be detected and the time of detection recorded, rather than notified long after the fact.