The Privacy (Breach of Identity Data) Amendment to the Australian Privacy Act came into force in February 2018. Organizations with annual turnover of more than 3 million AUD will have to disclose data breaches that pose a "real threat of serious harm" within 30 days of their discovery or face fines of up to 1.8 million AUD (approximately €1.1 million).