The General Data Protection Regulation (GDPR) is a new law passed by Europe that outlines therequirements that businesses must follow when they process and handle data. Though it's a lawthat went into effect in the European Union (EU) on May 25, 2018, GDPR is still something that willimpact the New Zealand market.

GDPR Basics

Each day across New Zealand, digital information is being created by people every time they visit awebsite or use their mobile phone. Even a smart watch tracks the movement of the user andcollects data that companies like Facebook and Google -- as well as small ones -- use. Many peoplearen't even aware that this data collection is ongoing and that it could be used to identify them.

This wealth of personal information prompted the creation of a privacy law that's designed toprotect consumer information. GDPR also goes a step further and holds businesses themselvesmore accountable should they experience a data breach.

How Are NZ Businesses Affected?

Though GDPR doesn't explicitly affect the NZ market, if a business has a website in the EU and/oris advertising to that audience, the website in question must comply with the law. This is also true ifa business maintains an email list and they send newsletters or other content to people who live inthe EU.

Customer Rights Under GDPR

With the new law, customers are given more control over their data and how it can be used.Businesses in NZ must be able to show their customers how they use their data, where it is storedand how it is protected. Consumers can request a copy of the information that a website hascollected and can update their personal information at any time. If a customer requests, they alsomust be unsubscribed from a business' email and other communications.

In addition, a person can request that a website erase any and all of the personal data that itcurrently has and refrain from sharing it with others, such as third parties. The customer may alsorequest that any third parties that a business shared data with also erase that information andcease sharing it further.

Businesses that are found to be out of compliance with the GDPR could face stiff penaltiesincluding fines. It's important that the NZ market ensure that they meet these requirements.