On May 25 2018, came into force the so-called GDPR (General Data Protection Regulation), a regulation relating to the protection of natural people in relation to the processing of personal data.
Which businesses are affected by GDPR and what is the extent of it?
The first thing to keep in mind is that the GDPR is not a regulation that has a particular application to a type of business. In our case, given that we are a website design agency, some clients have asked us if updating the Legal Notice on their website is the only thing they have to do to comply with the regulations.
The GDPR is something that affects the entire business, not just your website (which is a showcase of the business on the internet). At the time business deals with personal data of people (for example, its customers or employees), it has to comply with the GDPR.
And what is personal data? Any data that can identify a person’s: name, ID, a photograph, email, IP address, etc.
There are many aspects of the business to review, such as contracts that are signed with customers, employees, suppliers, security measures, etc. So, we can say that the texts of the Legal Notice type of the web page, are related to the GDPR.
Therefore, our first and best suggestion, is to put in the hands of a specialist (mainly a lawyer) to review everything related to the business to make the adaptation to the new regulations.
Is New Zealand part of GDPR?
Based on Privacy business resource Australian businesses and the EU General Data Protection Regulation, a business in New Zealand with customers in the EU, or any business that works in the EU, should confirm whether they are covered by the GDPR, and if so, take steps to ensure compliance by May 2018.
Example: New Zealandian businesses that may be covered by the GRPR include:
- A New Zealandian business with an office in the EU region
- A New Zealandian business whose website targets EU customers for example by enabling them to order goods or services in a European language (other than English) or enabling payment and purchasing product or service
- A New Zealandian business whose website mentions customers or users in the EU
- A New Zealandian business that tracks individuals in the EU on the internet and uses data processing