Your browser currently has JavaScript turned off, which means that Digital.govt.nz might not display properly on your device. It’s easy to turn JavaScript on - find out how to enable JavaScript in your browser.

General Data Protection Regulation (GDPR)

GDPR governs the processing of the personal information of EU residents.

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in May 2018.

The GDPR’s main purpose is to harmonise data protection laws across the EU. The law imposes a comprehensive set of principles and obligations on agencies who fall within its scope.

Agencies in scope of the GDPR

The GDPR applies to:

agencies operating in the EU (for example, who have staff living and working in the EU)
agencies outside of the EU that offer goods or services to the EU or monitor the behaviour of EU residents.

Do I need to comply with the GDPR? — Privacy Commissioner

While the GDPR imposes additional obligations on agencies, and provides additional privacy rights to EU residents, an agency is likely to comply with most of its obligations under the GDPR if it complies with the Privacy Act.

Agencies that are in scope of GDPR will need to ensure they have appropriate systems and processes in place to comply with all applicable additional obligations.

How do I comply with the GDPR? — Privacy Commissioner

JavaScript is currently turned off in your browser — this means you cannot submit the feedback form. It’s easy to turn on JavaScript — Learn how to turn on JavaScript in your web browser.

If you’re unable to turn on JavaScript — email your feedback to info@digital.govt.nz.

Was this page helpful?

Yes No Partly

Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

What did you come here to do?

How can we improve this information?

Last updated 11 November 2020

General Data Protection Regulation (GDPR)

Agencies in scope of the GDPR

Utility links and page information