What It Is

GRI Standards are the world's leading modular framework for sustainability reporting, comprising Universal Standards (GRI 1: Foundation, GRI 2: General Disclosures, GRI 3: Material Topics), Sector Standards, and Topic Standards. Primary purpose is disclosing significant economic, environmental, and social impacts using an impact-centric materiality approach focused on double materiality.

Key Components

• **Universal StandardsBaseline requirements, materiality process, general disclosures.
• Topic Standards (e.g., GRI 403 Occupational Health & Safety): Specific metrics and management disclosures.
• **Sector StandardsIndustry-specific material topics for comparability.
• Core principles: accuracy, balance, verifiability; mandatory GRI Content Index for compliance.

Why Organizations Use It

Drives accountability, regulatory alignment (e.g., CSRD), risk management, stakeholder trust. Enables benchmarking, investor confidence, supply chain due diligence; voluntary yet widely adopted (80% N100 firms).

Implementation Overview

Phased: materiality assessment, data systems, stakeholder engagement, content index. Applies universally; no certification but external assurance recommended. Cross-functional teams build governance, ESG platforms for HES topics.

What It Is

Privacy Act 1988 (Cth) is Australia's principal federal regulation for protecting individual privacy. It establishes economy-wide standards for handling personal information by government agencies and private sector organizations via the 13 Australian Privacy Principles (APPs). The principles-based approach emphasizes reasonable steps tailored to context, covering the full data lifecycle.

Key Components

• **13 APPsGovern collection, use/disclosure, data quality/security (APP 11), cross-border transfers (APP 8), and access/correction.
• Notifiable Data Breaches (NDB) scheme (Part IIIC): Mandatory notification for breaches likely causing serious harm.
• OAIC enforcement: Investigations, audits, civil penalties up to AUD 50M/30% turnover.
• Compliance model: Self-assessed, risk-based with OAIC oversight; no formal certification.

Why Organizations Use It

• Legal compliance for APP entities (turnover >$3M, health providers, etc.).
• Mitigates breach risks, penalties, reputational damage.
• Builds trust, enables secure data flows, supports risk management.

Implementation Overview

Phased: Gap analysis, policies, controls, training, audits. Applies to mid-large orgs in Australia; extraterritorial via Australian link. No certification, but ongoing OAIC assessments.