What is the GDPR?

The GDPR is simply, Europe's version of the Privacy Act. It governs the way personal information is collected, stored and managed under the EU rules.

How does it affect me as a marketer in NZ?

We're living in a global marketing environment, if you have, or are likely to have customer data on persons domiciled in the EU, you'll need to be aware of your responsibilities for managing their data. If you are an NZ based organization, trading only in NZ, then GDPR is interesting, but not important.

What do I need to do?

We've put together these informative blog posts that cover what you need to know starting with a handy check list:

Whose personal information is covered by the EU GDPR?

All individuals domiciled in EU countries.

Does that include the UK?

Yes, at the moment, they are still part of the EU and it is likely that they will follow GDPR principles if they exit the EU.

Are EU citizens living in other countries protected by GDPR?

No, unless their details are stored by organisations within the EU.

If an organisation based in NZ has a website visible in the EU, do we need to follow the rules in GDPR?

This question is not as simple as it sounds - the key is whether you're actively doing business in the EU through that website. If so, you will need to follow GDPR rules.

Why do I keep getting emails and notifications about this?

Like all new legislation, people don't know what they don't know and are quite naturally interested in finding out whether they need to comply. As a result, privacy policies are being updated across the board.

NZ has been awarded adequate status by the EU, what does that mean?

Not very flattering, is it? But it is useful because it means that organisations and persons based in NZ can transfer data and information in and out of EU countries. The existing NZ Privacy Act has been deemed as adequate protection for personal information.