Operating in Australia and New Zealand? Here's What Privacy Law Requires
Australian and NZ privacy law are similar in structure but have critical differences. Here's what trans-Tasman businesses need to know about staying compliant in both countries.
The Short Answer
If your business operates in both Australia and New Zealand, you're subject to two separate privacy frameworks — the Australian Privacy Act 1988 and the New Zealand Privacy Act 2020.
Both are built around 13 privacy principles and mandatory breach notification. But there are critical differences that affect what your privacy policy must cover — particularly around the small business exemption, breach notification regulators, and penalty regimes.
The Key Differences at a Glance
| Feature | Australia | New Zealand |
|---|---|---|
| Small business exemption | Yes — under $3M turnover (being removed 2026-2027) | No — all businesses covered |
| Core principles | 13 Australian Privacy Principles (APPs) | 13 Information Privacy Principles (IPPs) |
| Breach notification | NDB scheme — notify OAIC | NPB scheme — notify Privacy Commissioner |
| Max penalty | Up to $50M | Court-ordered compensation |
| Statutory tort | Yes — since June 2025 | No direct equivalent |
What This Means for Your Business
The most important point for NZ businesses: there is no small business exemption in New Zealand. If you collect personal information from NZ customers — regardless of your turnover — the Privacy Act 2020 applies to you right now.
If you also operate in Australia, you need a privacy policy that covers both frameworks. A policy written only for AU law won't address NZ-specific requirements like IPP 13 (overseas disclosure) and the Notifiable Privacy Breach scheme terminology. And vice versa.
Read the Full Trans-Tasman Guide
We've written a comprehensive guide covering every difference between the two frameworks, whether you need one policy or two, and the most common mistakes trans-Tasman businesses make.
Read the full AU & NZ privacy law comparison →
Last updated: April 27, 2026
This guide provides general information about Australian and New Zealand privacy law. It is not legal advice. For specific questions about your trans-Tasman compliance obligations, consult a qualified privacy lawyer.
Need a Policy That Covers Both?
ComplianceKit's Trans-Tasman bundle generates a single privacy policy covering both the Privacy Act 1988 (AU) and the Privacy Act 2020 (NZ) — all 13 APPs, all 13 IPPs, the NDB scheme, and the NPB scheme.
Generate Your Compliant NZ Privacy Policy
ComplianceKit automatically includes all 13 Information Privacy Principles and the Notifiable Privacy Breach scheme. Generate your NZ policy in 5 minutes.
Get Started →Last updated: 27 April 2026
This guide provides general information about New Zealand privacy law. It's not legal advice. For specific legal questions about your situation, consult a qualified privacy lawyer or contact the Privacy Commissioner at privacy.org.nz.