Is your organisation subject to the EU’s new data laws?

​In May 2018 the European Union’s General Data Protection Regulation 2018 (GDPR) will come into force. It has been introduced to:

• better protect all EU citizens from privacy and data breaches

• ensure organisations have appropriate processes and procedures in place to manage data privacy

Fines for non-compliance can be up to 4% of global turnover or 20 million Euros.

​Why is this important to New Zealand organisations?

The GDPR applies to all organisations (inside and outside the EU) processing the personal data of EU citizens, no matter where they are living.

Personal data includes any information related to a person that can be used to directly or indirectly identify that person, and includes photos, email addresses, bank details, social media posts, and IP addresses.

New Zealand organisations impacted by the new regime may need to revisit their current data and privacy policies and processes.


See here for the main elements of the GDPR as they apply to businesses located outside of the EU.

Whilst it’s unlikely many local agencies will be directly affected, there will be many client organisations that are doing business in the EU and it is useful if agencies therefore have an understanding of the new constraints. In addition, it’s fair to say that the GDPR has been a major focus for agencies across Europe to ensure their systems and processes are compliant.