GDPR (General Data Protection Regulation) is a new set of European Union data privacy laws that goes into effect on the 25th of May 2018 and will affect many New Zealand businesses. The laws govern how companies collect, store and use personal information.
Organisations who don’t comply could be hit with large fines up to 4% of a company’s global annual turnover or €20 million.
You might still be thinking that these EU laws only affect Europe but not New Zealand – well it’s a lot more complicated than that. In fact, even if you use something common such as Google Analytics for your website tracking – you may lose website data that is 26 months old or more if you don’t take immediate action steps.
Why & How New Zealand Businesses are Affected by GDPR
GDPR applies to all EU residents – even if the businesses or websites serving them are based outside of Europe.
In practice, this means that companies in New Zealand and around the globe will have to comply with GDPR if they wish to continue serving European users, otherwise they would have to build separate platforms and systems just for Europe – which is not feasible and would probably not work well with the internet’s intertwined nature.
You might have already come across many instances of businesses taking action steps towards complying with GDPR such as new privacy policies, terms & conditions or consent forms being rolled out from Microsoft, Google, Spotify, Quora, Mashable, Udemy, Discord, GoDaddy, LinkedIn, and more.
The end result of the GDPR will most likely mean that users will have more transparency and control over how their data is collected and used whether they reside in Europe or not.
GDPR Requirements
Some of the main GDPR regulations includes:
Explicit Consent – which must be obtained from European users when collecting data on them. The user must opt-in and voluntarily agree to a clear statement that explains how their data is being used.
Privacy Settings – users by should be given the strictest Philippines Photo Editor privacy setting by default and will then have to manually make changes.
Access to User Data – Users will have increased rights over their data, and will be able to access where, why and how their data is processed (companies are expected to honour requests within 4 weeks).
‘The Right to Be Forgotten’ – which means that EU residents can have their data completed deleted from systems if it is no longer relevant.
Five GDPR Action Steps NZ Businesses May Need to Take
As an NZ organisation serving users around the globe it may be best to do the following tasks:
Make Google Analytics GDPR Ready
Google emailed all analytics customers last month telling them that they have to “review these data retention settings and modify as needed” before 25th of May 2018 when GDPR becomes enforced. You may have logged in and seen this pop-up: