GDPR: For New Zealand Businesses
As individuals, many of us will have seen emails from the likes of Google, EBay, Paypal etc advising us of their commitment to the new “GDPR”. The GDPR is the General Data Protection Regulation and is being introduced across the EU from 25 May 2018.
There is a great deal of similarity between the GDPR and the provisions of New Zealand’s 1993 privacy legislation, but there are also some differences, such as the GDPR’s ‘right to be forgotten’ which does not have an equivalent under our local Privacy Acts.
The Office of the Australian Information Commissioner (OAIC) has provided the following breakdown of businesses that may be required to adhere to the GDPR:
- a business with an office in the EU;
- a business whose website enables EU customers to order goods or services in a European language (other than English) or enables payment in euros;
- a business whose website mentions customers or users in the EU;
- a business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.
If you fall into any one or more of the above criteria and collect or obtain any information relating to an identified (or identifiable) natural person you should seek advice on this from your legal advisors. More background can be found here.