General Data Protection Regulation (GDPR) 15 May 2018

The European Union (EU) will soon have new rules that are likely to affect the privacy policies of businesses around the world.  They relate to the collection of data from citizens of EU countries, and so can affect businesses even as far away as New Zealand.  The EU General Data Protection Regulation (known as the GDPR – more info here) has now come into force as of 25 May 2018.

 

 

There are three key ways that it could affect your business which you should be thinking through now.

1. Assessing to what extent it will affect you

 

To answer this you need to think through questions like this:

2. Reviewing your documents

 

In light of the answers above, the key one to review is your privacy policy and it is important to check what it says and if it needs updating to reflect best practice.  In addition, it is good to look at any consent forms (or places clients click) to check that they are widely enough drafted to give consent to use of their information.

3. Documenting how you comply

 

This is both an internal record but also could be used if you were ever asked to show how you are complying.  It would document the above two points clearly to explain how compliance with the new rules is ensured.

You may want to also designate a person or group to lead the effort within the business.  A “Data Protection Officer” could help lead the way in this regard.  They may want to prepare a “Data Protection Policy” which can also be used to educate the businesses’ senior decision makers about the GDPR’s new risk-based compliance approach, and the potential effects of non-compliance.

We are able to assist companies with a review of their privacy policies in light of the changes in the EU.  While it may seem amazing that a jurisdiction so far away could impact us this is likely to be an increasing trend as we move into even more of a global economy where countries and regions look to protect the data of their citizens.  This focus is highlighted by reports of the improper use of data by companies harvesting that information to use in elections.  If your answers to any of the questions above indicate a link with the EU then now is the time to take action.

 

This article is not a substitute for legal advice and you should talk to a lawyer about your specific situation. Please contact Steven Moe stevenmoe@parryfield.com at Parry Field Lawyers (348-8480)