GDPR and its potential impact on the NZ market

The General Data Protection Regulation (GDPR) is a new law passed by Europe that outlines the requirements that businesses must follow when they process and handle data. Though it's a law that went into effect in the European Union (EU) on May 25, 2018, GDPR is still something that will impact the New Zealand market. 

GDPR Basics

Each day across New Zealand, digital information is being created by people every time they visit a website or use their mobile phone. Even a smart watch tracks the movement of the user and collects data that companies like Facebook and Google -- as well as small ones -- use. Many people aren't even aware that this data collection is ongoing and that it could be used to identify them. 

This wealth of personal information prompted the creation of a privacy law that's designed to protect consumer information. GDPR also goes a step further and holds businesses themselves more accountable should they experience a data breach. 

How Are NZ Businesses Affected? 

Though GDPR doesn't explicitly affect the NZ market, if a business has a website in the EU and/or is advertising to that audience, the website in question must comply with the law. This is also true if a business maintains an email list and they send newsletters or other content to people who live in the EU. 

Customer Rights Under GDPR

With the new law, customers are given more control over their data and how it can be used. Businesses in NZ must be able to show their customers how they use their data, where it is stored and how it is protected. Consumers can request a copy of the information that a website has collected and can update their personal information at any time. If a customer requests, they also must be unsubscribed from a business' email and other communications.

In addition, a person can request that a website erase any and all of the personal data that it currently has and refrain from sharing it with others, such as third parties. The customer may also request that any third parties that a business shared data with also erase that information and cease sharing it further. 

Businesses that are found to be out of compliance with the GDPR could face stiff penalties including fines. It's important that the NZ market ensure that they meet these requirements.