Data Protection & Privacy

Data Protection & Privacy Overview

Holding Redlich helps organisations confidently manage personal data and privacy compliance. With deep regulatory knowledge and a practical approach, we support clients in building trust, mitigating risk, and staying ahead of Australia’s evolving data protection landscape.

In today’s digital economy, the secure and lawful collection, use, and storage of personal data is critical—especially in highly regulated sectors and where high-risk privacy issues arise due to sensitive information held. Australia’s data protection regime is complex and constantly evolving, with obligations arising not just under the Privacy Act 1988 (Cth), but also the Spam Act 2003 (Cth) and other surveillance and related legislation, regulations, and industry codes.

Holding Redlich provides clients with clear, practical advice to ensure compliance and reduce risk. We help organisations design and implement effective systems for handling personal data, conduct privacy impact assessments and privacy audits, and review policies and practices to meet regulatory requirements and industry best practices.

Our team regularly assists with a wide range of privacy matters, including:

Preparing privacy impact assessments for new products or projects
Reviewing current privacy policies and data practices
Developing compliance plans and conducting privacy impact assessments
Training management and frontline staff on compliance and best practices
Preparing and implementing policies, codes of conduct, and internal procedures
Responding quickly to privacy crises, such as data breaches

Recognised in the Global Data Review's GDR 100, our privacy and data protection practice is trusted by clients across sectors. We stay at the forefront of legislative change—helping you anticipate issues, protect your reputation, and maintain public and customer trust in a data-driven world.

Case Studies

Advised a shopping centre manager in adopting body worn video in a privacy compliant manner, including governance issues, risk analysis, consent and notification issues and training issues.
Supported Volvo in implementing a GDPR-aligned privacy manual and procedures for its Australian operations, and worked with its Asia-Pacific team to adapt this framework for regional use—enabling consistent, localised privacy compliance across multiple jurisdictions.
Advise illion on privacy and data compliance, covering internal processes, incident management, and regulatory responses. Support digital product development by embedding privacy from the start and provide ongoing guidance on legislative reforms to ensure compliant, innovative data services.
Advised ClearScore on privacy and data protection since its Australian launch, most recently reviewing its privacy policy and T&Cs to support new comparator services, navigating the interplay between the Privacy Act, credit reporting provisions, and Australian Credit Licence obligations.
Advising Scentre Group on strategic and high-risk aspects of its evolving digital offerings, including app development and customer segmentation projects to enhance Westfield’s hybrid retail experience across online and in-centre engagement.
Acting for the OAIC for nearly a decade, including regular appearances in Federal and Administrative tribunals on privacy and FOI matters, and recently advising on updates to OAIC’s complaints and investigations documentation, including process, template, and internal guidance materials.
Advised the ONDC on the development and implementation of the DAT Act, including legislative support, embedded legal secondees, drafting the standard data sharing agreement, and advising on governance, privacy compliance, and regulatory frameworks to support Australia’s public sector data-sharing scheme.
Engaged by an organisation to assess potential consent gaps in a public health program. Conducted stakeholder interviews and document review, then delivered a detailed report outlining consent discrepancies, practical remedies by participant type, and key governance learnings.