This note summarises the Notifiable Data Breaches scheme introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). This note explains how the notification regime applies to data breaches that occur on or after 22 February 2018, when the obligation to notify will apply, when exceptions may apply, how to make a notification to the Australian Information Commissioner and Privacy Commissioner (Commissioner) and to individuals, and information about the Office of the Australian Information Commissioner's (OAIC) enforcement mechanisms.