The European Union's General Data Protection Regulation (GDPR) came into effect on 25 May 2018.  The GDPR applies not only to EU Member States, but to New Zealand agencies that offer goods or services to EU residents, monitors the behaviour of EU residents or processes personal data of EU residents. 

If your organisation falls into one of these categories, we recommend reviewing your current privacy and data protection practices.  The GDPR introduces a number of requirements that do not currently apply in New Zealand, including the requirement to demonstrate explicit consent to the collection of information and mandatory breach notifications.

We are happy to advise further if you are concerned or have any questions regarding the application of the GDPR and what steps you may need to take to prepare.