New Zealand companies should get professional legal advice to prepare for the changes that come with the EU General Data Protection Regulation, New Zealand Trade and Enterprise says.
The General Data Protection Regulation (GDPR) is a new European Union data privacy law which comes into full effect on 25 May 2018.
Its primary purpose is to create one coherent data protection framework across the EU.
"In doing this, GDPR substantially enhances data protection and privacy rights for persons in the EU, and imposes a comprehensive set of principles and obligations with which a lot of organisations operating or offering products and services in the EU must comply," NZTE says.
NZTE says this is important for New Zealand companies (and their legal advisers) as EU partners will ask them about their preparedness. All affected organisations must be GDPR-compliant before 25 May 2018.
"Most partners in the EU will expect New Zealand companies to have a compliance plan already in place."
NZTE says the new legally binding law replaces and expands on an earlier non-biding EU directive. It says companies that do not comply with GDPR could face sanctions of up to 4% of their global turnover, or up to €20 million.
The European Commission has released a helpful English language guide to the GDPR.