10 key steps to help NZ marketers comply with GDPR
Even businesses without a physical presence in the EU may have to comply with the new rules if they:
sell goods or services to a person who lives in the EU; or
monitor the behaviour of a person who lives in the EU.
The critical factor is the location of the individual (data subject) not the location of the data processor or data controller. We don’t really know how the new regulations will be monitored in countries outside the EU.
So here are 10 Key steps to help NZ marketers comply with GDPR
You must have consent to collect personal information. You will need to record how you obtained consent
Individuals have the right to access their data. You should plan how to handle any access requests
Individuals have the right to have inaccuracies corrected. Already required under NZ legislation
People can have their details erased. The right to be forgotten - this doesn’t seem practical, but it's in the regulations
Consumers can opt out of Direct Marketing. This is not in NZ law, but is best practise
Individuals can prevent profiling and automated decision making. Makes programmatic advertising a problem
People have the right to request data portability. Organisations must be prepared to securely transfer data
If you need help with Privacy queries or any other legal/regulatory issue affecting marketing just email firstname.lastname@example.org and our compliance consultant Keith Norris will help. It’s a free service for corporate members of the Marketing Association.
Please Note: This does not constitute formal legal advice. It is intended to convey what the Marketing Association considers best practice. If you are in any doubt, we recommend you seek specialist legal advice.