How Does an EU Law Affect Your Business in NZ?
Article 3 of the GDPR sets out the Regulation's territorial scope:
- This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
- This Regulation applies to the processing of personal data of data subjects (EU Citizens & Residents) who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
  - the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
  - the monitoring of their behaviour as far as their behaviour takes place within the Union.
- This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
Therefore, if you have a website that is available for anyone in Europe to visit, you MUST comply with GDPR. However, if you only work with NZ customers, then you may simply need GDPR Shield and push non-NZ visitors away from your website.
Giovanni Buttarelli, the European Data Protection Supervisor, stated:
“I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum.”
With actions coming towards the end of 2018, it's imperative to fully understand the data protection and privacy landscape, how it affects your business, and how your organisation operates.
Our Own NZ Privacy Law is Being Updated and Will Follow GDPR
How We Help To Protect You
We advise organisations on best practice to ensure ongoing compliance with Data Protection requirements and the EU General Data Protection Regulation (GDPR).
We have long-standing experience in the field of data protection and have been recognised internationally as an expert provider in this area since 1998. We were the co-authors of “Business Information Security Survey ’98: The True Cost To Business”.
Our full suite of GDPR services includes:
- Readiness assessment and gap analysis
- Compliance planning and consulting
- Developing data breach or incident response plans
- Implementing GDPR preparation and recommendations
- Privacy impact assessments
- Staff awareness training
- Fully backed by a GDPR Lawyer