What is GDRP and its background
On May 25 2018, the European Union enacted the General Data Protection Regulation (GDPR) to protect and enhance an individual’s control over their digital data.
Which businesses are affected by GDPR, and what is the extent of it?
The first thing to remember is that the GDPR applies to all facets of business across all industries. As a digital marketing company designing websites, some of our clients have asked us if updating the legal notice on their website is the only thing they have to do to comply with GDPR.
If you conduct business with individuals or entities, who are protected by EU reguations. In that case, GDPR’s application may not end with a simple legal notice on your website. GDRP is engaged whenever personal data is involved in business, whether that data belongs to clients, customers, or employees.
And what is personal data?
Any data that can identify an individual’s name, ID, photograph, email, IP address, etc.
To ensure compliance with GDPR, many aspects of a business must be reviewed, such as contracts signed with customers, employees, suppliers, security measures, etc.
Therefore, our best suggestion is to put it in the hands of a specialist (a lawyer specialising in internet law) to review everything related to your business and make adaption to ensure compliance with GDPR.
Is New Zealand part of GDPR?
A business in New Zealand with customers in the EU, or any business that works in the EU, should confirm whether they are covered by the GDPR and if so, take steps to ensure compliance.
Examples of New Zealand businesses that the GRPR may cover include:
- A New Zealand business with an office in the EU region
- A New Zealand business whose website targets EU customers, for example, by enabling them to order goods or services in a European language (other than English) or enabling payment and purchasing product or service
- A New Zealand business whose website mentions customers or users in the EU
- A New Zealand business that tracks individuals in the EU on the internet and uses data processing