Three years ago the regulator flagged loyalty privacy legislation and something that might look like GDPR. Post the breaches the Attorney General called our privacy laws “out of date and not fit-for-purpose in our digital age” with a large overhaul coming this year. At the end of 2022 penalties for companies that are breached increased from US$1.5m to US$35m (or 30% of the company’s revenue if that’s bigger).