An entity that is required to comply with the APPs must ensure that it has a number of mechanisms in place to ensure compliance, including a compliant privacy policy, adequate training for staff, appropriate security and information destruction procedures, a process for dealing with complaints and a process for dealing with possible or actual personal information security breaches.

See What is needed in order to demonstrate compliance?

Industries and organisations are allowed under the Privacy Act 1988 (Cth) to develop their own privacy codes in addition to the APPs. The codes must be approved by the Office of the Australian Information Commissioner (the OAIC), and certain conditions must be satisfied before the codes will be registered. Before a code can be approved, the OAIC must be satisfied that members of the public have been given adequate opportunity to comment on the draft of the code.

In certain circumstances the OAIC may also develop its own APP code. The office must keep a register of approved codes that is publicly available either as a link from the Office's website or as a printout available on request.

See APP codes.