Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Insights on data, AI & business. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

Google Workspace Gemini for Australian Business
Blog AI

Google Workspace Gemini for Australian Business

A practical guide to Google Workspace Gemini for Australian businesses. Pricing, data residency, and what regulated firms need to verify before rollout.

Sam McKay

If you run a business in Australia and your team lives in Gmail, Google Docs, Sheets, and Meet, the question is no longer whether AI lands inside your daily tools. It already has. The question is what Google Workspace Gemini actually costs, where your data ends up, and whether your regulator is going to be comfortable with the answers.

This is the local version of that conversation. Not the keynote version. The version where we sit across the desk and work through it.

What Gemini Actually Sits Inside

Gemini in Google Workspace is Google’s generative AI woven into the apps your staff already open every morning. It drafts replies in Gmail, summarises long Docs threads, builds formulas and pivot tables in Sheets, generates slide decks from a prompt, and takes notes in Meet. There is also Gemini Advanced, a separate tier that lives at gemini.google.com and is closer to a general chatbot experience.

The bit that matters for a business owner is that there are two different purchase paths. The first is Gemini as an add-on to your existing Workspace plan. The second is one of the newer Workspace plans that bundles Gemini in, such as Business Standard with Gemini or Business Plus with Gemini. The pricing between the two paths is close but not identical, and the data handling promises differ slightly depending on which plan you are on. Get this wrong and you have either overpaid or, worse, you have staff using a tier that does not give you the controls you thought you had.

A Realistic Cost Picture for Australian Teams

Pricing moves, so treat any number here as a guide rather than gospel. As a rough rule, a Workspace Business Starter plan is in the low teens per user per month in AUD, Business Standard sits around the low twenties, and Business Plus climbs into the low thirties. Adding Gemini as a separate add-on used to push another USD 30 per user per month onto the bill, which lands at roughly AUD 46 to 47 per user per month, give or take the prevailing exchange rate.

If you are on a 50-seat operation and you want Gemini across the whole team on the add-on path, you are staring at close to AUD 2,800 to 3,000 per month before you have touched a single other piece of software. That is not a casual purchase. It is a fleet vehicle, not a coffee. Most of the businesses we work with roll it out to a smaller group first, measure the lift, then expand.

For trans-Tasman operations, remember the same Workspace subscription can be billed in AUD or NZD depending on how the account was set up, and the consolidated billing can behave differently once you cross the Tasman. Worth a conversation with whoever set the tenancy up.

Where Your Prompts and Documents Actually Live

Data residency is the part that gets glossed over in the sales demo and matters most the day something goes wrong. Google has expanded its data centre footprint across Sydney and Melbourne in recent years, and the Workspace Data Regions feature lets you pin certain data classes, including Gemini interactions for some plan types, to Australia. Whether you can pin your specific Gemini traffic to an Australian region depends on the plan tier and on Google’s current product settings, so verify the exact scope with your reseller or with Google directly before you sign anything.

The thing most owners do not realise is that your staff’s prompts, the documents they paste in, the customer data they ask Gemini to summarise, all of that is a record. Even if it is not used to train Google’s foundation models under the default Workspace settings, it is still a piece of information your business handled. Treat it that way. Have a written rule about what can and cannot be pasted into a prompt.

The Privacy Act 1988 and the Australian Privacy Principles

If you turn over AUD 3 million or more in revenue, or you handle health information, or you are a related body corporate to a covered entity, the Australian Privacy Principles under the Privacy Act 1988 apply to you. Tranche 1 reforms have already tightened things up, and Tranche 2 was being debated through 2025, so the goalposts have moved from what you may remember reading about. Verify the current state with your lawyer before you treat this section as definitive.

Two APPs cause most of the pain. APP 6 covers use or disclosure of personal information. If a staff member pastes a customer email into Gemini to “summarise this for me”, that is a use of personal information, and your existing privacy policy needs to be honest about it. APP 8 covers cross-border disclosure. The moment a prompt travels to a data centre outside Australia, you are potentially making a cross-border disclosure, and your privacy policy and your contracts need to reflect that. The New Zealand Privacy Act 2020 has a similar concept in Privacy Principle 12 on offshore disclosure, which is the equivalent test for any NZ arm of your business.

In practice, the fix is unglamorous. Update your privacy policy. Add an internal AI acceptable use policy. Run a short training session. Document the data flows in a one-page diagram. None of that is hard. All of it is what an OAIC complaint will look for if a customer asks where their information went.

APRA CPS 234 and the Bar for Finance and Insurance

If APRA regulates any part of your group, CPS 234 on information security is the regulation that will dominate this conversation. It requires an entity to maintain an information security capability that is commensurate with the size and complexity of its operations, and to implement controls to protect its information assets. That covers third party providers too, which means Google is in scope.

The work this triggers is real. You will need a current third party risk assessment on Google, with Gemini named as an in-scope service. You will need to confirm Google’s data handling commitments align with CPS 234, particularly around notification of material information security incidents. You will want to confirm data residency for any regulated data. For a Sydney wealth manager I spoke with recently, this took about six weeks of part-time work between the CTO, the risk lead, and an external auditor. That is the realistic timeline, not a one-pager.

If you are a smaller APRA-regulated entity, the work is lighter but the obligations are the same. Document the decision, even if the answer is “we accept the residual risk and here is why”.

AHPRA, Patient Notes, and Clinical Record Keeping

For clinics, allied health practices, and anyone registered with AHPRA, the question is whether Gemini is part of the clinical record. If a practitioner pastes clinical notes into Gemini to generate a letter to a GP, and that prompt lives anywhere outside the practice management system, you have a record-keeping issue on your hands. AHPRA’s code of conduct expects health records to be kept in a way that protects the patient, that is retrievable, and that supports continuity of care.

The other live concern is the revised advertising guidelines and the use of AI in patient-facing material. If Gemini is drafting your social media or your website copy, a human practitioner still has to take responsibility for it. Generated copy that overstates outcomes is still a breach if it goes out under your name. Verify the current AHPRA advertising code and your board’s position on AI-assisted content with your legal advisor before you publish at scale.

ASIC’s Growing Interest in AI Claims

ASIC has been clear that businesses using AI in financial services still owe their existing obligations. If you use Gemini to draft advice summaries, to respond to client queries, or to generate compliance documentation, the substance of your conduct is what ASIC looks at, not the tool. Information Sheet 271 and the broader ASIC technology and cyber resilience guidance are the starting points, but the most important point is that “the AI wrote it” is not a defence to a misleading conduct allegation under the Corporations Act or to a breach of your AFSL obligations.

For a financial advice firm rolling this out, the practical step is a sign-off matrix. Anything that goes to a client gets reviewed by a human before it leaves the building. The AI does the first draft. The adviser owns the output. Document that workflow and audit it quarterly.

Practical Use Cases We See Paying Off

The wins we see in Australian businesses are boring on purpose. A Melbourne accounting firm in our network uses Gemini in Sheets to reconcile bank feeds against Xero exports, cutting a Tuesday morning job from two hours to about twenty minutes. A Brisbane construction services company drafts tenders in Docs with Gemini, then has a human estimator refine the numbers. A Sydney marketing agency uses Gemini in Gmail to triage inbound briefs, with a strict rule that no client file is pasted in, only the brief text.

Notice the pattern. Tight scope, defined inputs, a human at the end. That is where the productivity lives. The grand “AI will run my business” rewrites are still fairy tales for most operators.

Where It Falls Short, Honestly

Gemini inside Workspace is not great at long, multi-step reasoning. It is not a replacement for a data analyst working in Power BI or Tableau. It hallucinates confidently, so any number it produces for a client needs a second set of eyes. It will sometimes rewrite your carefully worded client email in a tone that sounds like a press release. And the integration with non-Google systems is still thin. If your CRM is HubSpot, your accounting is Xero or MYOB, and your job board is Seek, you should not expect Gemini to reach across and pull from those without a connector product in the middle.

Be wary of vendors who promise a single AI that touches every system in your business. In our experience those projects take eighteen months and land somewhere between disappointing and abandoned.

A Staged Rollout That Won’t Burn You

The order that tends to work for Australian operators is this. First, write a one-page AI acceptable use policy. Second, pick one team, ideally the one with the most repetitive written work, and give them Gemini for thirty days. Third, measure one or two hard outcomes, like hours saved on a specific task, not vague satisfaction scores. Fourth, expand to a second team, and only after you have a written handover from the first team on what worked and what did not.

Make sure the rollout lines up with your existing tools. If you use Xero for the finance team, do not let the rollout create a parallel world where finance data lives in Gemini prompts and not in the system of record. The whole point is to keep your system of record intact and use AI at the edges.

A Second Pair of Eyes Before You Commit

This is the kind of decision where a fresh perspective saves real money. The pricing structures change, the plan names change, and the data handling language is genuinely tricky. A 60-minute audit of your current Workspace setup, your data flows, and your regulatory exposure is usually enough to surface the one or two decisions that will save you a six-figure mistake.

Enterprise DNA works with NZ and AU businesses on this challenge. Book a 60-min Omni Audit: https://calendly.com/sam-mckay/discovery-call?utm_source=edna-landing&utm_medium=blog&utm_campaign=nzau