I got a lot of enquiries over this, and although I stress I am not a lawyer, and this is my understanding of the law.
* All organisations in Australia have an obligation to protect peoples privacy but not all the laws refer to all organisations.
* All websites must have a privacy policy. Here is our privacy policy on our website, please fill free to copy and modify it, if you do not have such a privacy statement now. As our system talks directly to Shopify, you can use the Shopify privacy policy generator too.
* The current new laws are based on existing privacy laws and there are many laws about privacy both State and Federal. In my state of Victoria, there are seven laws listed for Victorians in the Wikipedia here plus there are a further eight laws listed that would cover us federally.
I found the Victorian government very useful in this, and they gave me here a free template to create our privacy statement.
* What really stunned us when we were briefed about these new laws is that a violation of the privacy laws may occur even if the information is false. For example, say I put in the computer a client's date of birth as 01/01/1990 and this is not true. It may not matter if a data breach occurs as it appears in the data that your birthday is 01/01/1990.
As all states have their own laws, if you have any queries you should address it with your state government authority or your state industry body.