How do I comply with the GDPR?
If you are a New Zealand-based agency or business, the best starting point is to make sure you comply with the New Zealand Privacy Act. That will take you a long way towards compliance with the GDPR.
Here are some useful resources to help:
- Priv-o-matic - making a privacy statement
- Privacy ABC - short online learning module
- Privacy 101 - detailed online learning module.
Some parts of the GDPR, such as the requirement to have a privacy officer (called a data protection officer or DPO) and the obligation to notify regulators of a serious data breach, already have equivalents in the New Zealand Privacy Act. Others, like data portability, are not expressly provided for in the Act.
If you are a New Zealand-based agency covered by the GDPR, you may need to appoint a Data Protection Officer or agent to act on your behalf in Europe and to handle any matter arising under the GDPR. Find out more here about when you need to have a Data Protection Officer.
You can also find out more about the GDPR in these related AskUs articles: