My research list

Loading My Research List ...

Save my research

Don't lose any of your research. Fill out the form below and have your research list emailed to you.

Register to receive our latest publications

Privacy law update: Cross-border data controls - are you compliant under the new rules?

November 01, 2019


Partners Jania Baigent, Sally McKechnie, Karen Ngan

Data protection (inc Privacy Bill and GDPR)

A major overhaul of New Zealand’s privacy laws is underway and you need to be ready when it comes into force (currently expected to be mid-2020).

This is the second of four briefings to help you and your organisation prepare.

Cross-border data compliance - do you know where your data goes?

You will need to know if your organisation sends any data overseas - you might be surprised to learn where your client, customer or employee data ends up being stored or processed by your service providers. If you don’t know already, you need to find out.

If you are an offshore agency and you carry on business in New Zealand, you will also be subject to the new laws.

Matters to think about

  • What data do you hold that is stored or processed by you offshore?

  • What data do you hold that is stored or processed by third parties - including related companies within your group?

  • Do you know who the data is being sent to?

  • Have you taken reasonable, proactive measures to protect the end use of the data?

  • If you do disclose data overseas, have you taken reasonable steps to make sure at least one the following apply:

    • Disclosure is to an agency that is subject to New Zealand privacy laws, is in a prescribed country or is participating in a prescribed binding scheme*?

    • Disclosure is to an agency that is required to protect the information to New Zealand standards (for example under an agreement between you and the agency)?

    • The individual concerned is expressly informed that their personal data is being sent to an agency in a jurisdiction that does not have protections to New Zealand’s standard, and the individual authorises the disclosure?

*The prescribed schemes and countries will be provided in regulations. We anticipate these will be released prior to the Act coming into force.

Get in touch / Upcoming workshops

Reviewing and implementing new privacy policies can be a complex and confusing process. Please contact our privacy law specialists if your organisation needs help to get ahead of the new Act’s commencement. Simpson Grierson are also running workshops in both Auckland and Wellington in early 2020 to help organisations get to grips with the new privacy regime. Email us here if you are interested in attending.

Privacy Bill progress update

The Second Reading of the Bill indicated a commencement date of 1 March 2020, however we anticipate a six-month transition period from when the Act is passed with commencement in mid-2020.