Is Your Business Data Secure and Ready for the New Privacy Rules?

By: Dan Faulknor, Published: November 27th, 2020

For New Zealand businesses, the incoming Privacy Act 2020 and the GDPR framework will require you to recognise the value of all customer data you are collecting and storing, and be more aware of the growing legal thresholds you need to meet.

It's been 27 years since the original NZ Privacy Law was enacted and much has changed in the global business landscape since then.

From December 1, 2020, organisations will need to build trust and comply with the law by applying these five measures:

1) Being aware of the Privacy Act regulations

2) Using data experts to design effective governance frameworks that ensure data security and protection

3) Emphasising transparency

4) Empowering customers

5) Promoting “privacy by design” approaches that allow customers to match their data-sharing preferences with their privacy level preferences.

Two of the most significant changes in the new Act are as follows:

1) If a business or organisation has a privacy breach that has caused serious harm to someone (or is likely to do so), it will need to notify the Office of the Privacy Commissioner as soon as possible. It is an offence to fail to notify the Privacy Commissioner of a notifiable privacy breach.

If a notifiable privacy breach occurs, the business or organisation should also notify affected people. This should happen as soon as possible after becoming aware of the breach.

2) It will now be a criminal offence to:

-- mislead a business or organisation by impersonating someone, or pretending to act with that person’s authority, to gain access to their personal information or to have it altered or destroyed.

-- destroy a document containing personal information, knowing that a request has been made for that information.

The penalty in all cases is a fine up to $10,000.

For more information about the changes the new Act includes, the Office of the Privacy Commissioner has a significant collection of resources, including an e-learning section to ensure all businesses are up to speed with requirements.

In a technologically driven business environment, the collection and analysis of consumer data is now integral to many industries - and that means all business operators will need to lift their game.

Many will have done this already when the GDPR regulations rolled out, particularly companies who trade or sell with international customers, or who have visitors from around the world using their websites, signing up to email newsletters or handing over their details in any kind of digital format.

To book in a review of your business data privacy settings, or a cybersecurity audit, get in touch and see how we can assist, or call Dan on 0800 PRODIGI to discuss your requirements.

What our customers say

"The last few years have been excellent for my website; my traffic has increased tenfold! I know right - happy days. But with more traffic comes more hosting requirements and sometimes more headaches. Dan and the team at Prodigi have been right there with me every step of the way. They tailor options to suit my needs, keep my site fast but affordable and politely answering my idiot tech questions. I could not recommend Prodigi any more highly. Excellent service, exceptional communication and no more headaches! As a blogger, I could not be happier with the service I have received. "

Stacey Kemeys

My Kids Lick the Bowl

"Dan and Prodigi have been invaluable to our team at Designer Wardrobe. They are always available whenever our site is having issues. They spend the time to understand our website and its somewhat complicated requirements. In situations where we do need to upgrade our tools, Dan has extensive knowledge and can find the best tool for the job. All of this is achieved while being mindful of budgets - the team have the uncanny ability to get the very most out of our existing products!"

Jarrad Salmon

Designer Wardrobe