Employee Data Privacy

Australia - Data Protection Officer

 Download as a PDF

What is, and which organizations have to appoint a DPO?


A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.

Australian employers are required to designate an individual, generally called a “Privacy Officer” as the point of contact for privacy matters, including inquiries and formal complaints. The contact information for the Privacy Officer should be included within a policy.

Although there is no specific legal regulation requiring organizations to appoint a DPO, it may be recommended as way to demonstrate compliance with the Australian Privacy Principles’ (APP 1) and Codes of Practice. According to the Principles, entities are expected to take reasonable steps to implement practices, systems and procedures and to manage personal data openly and transparently. Note that reasonable steps are in part determined by the entity’s size and resources.


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk