Data privacy is now a hot topic in NZ.
This was driven by three main factors:
1. The GDPR (General Data Protection Regulation) which came into effect in Europe in May 2018. This introduced strict regulations on what private information is, how to get consent from users, how to deal with breaches, and when personal information must be deleted. The fines for not complying were large; €20 million or up to 4% of the annual worldwide turnover. Although it is a European regulation,
it applies to any company that stores personal information for EU citizens so potentially impacts all companies world-wide.
2. Updates to the Australian Privacy Act, which makes data breach notification compulsory as of February 2018. This means that if an individual’s personal information is leaked and likely to result in serious harm the company is required by law to notify the individual(s). Again, the fines for not complying were increased to up to AU$2 million.
3. The New Zealand Privacy Act changes in 2020, introducing mandatory reporting requirements and tougher fines.
Updated privacy regulations aim primarily to give control to citizens of their personal data. It means that citizens are more aware of how their personal data will be stored, used and shared.
We recommend that a data privacy policy is created based on best practice and research performed across the industry. Staff should be trained on the privacy policy and it should be included in the staff induction process.
How to create your own data privacy policy
To create a data privacy policy the following areas and questions need to be answered:
- What data do we hold?
- We don’t tend to delete data – why do we hold it?
- When, if at all, should we purge it? Why?
- If someone asks us, what is our process on checking that they are who they say they are?
- How would we know if it were stolen or leaked? Who would we notify?
- What is our obligation to the clients and their staff? Is it different?
- Who do we notify?
You can use this generator to help create your own, but we recommend a more thorough approach
If you aren’t sure who in your organisation is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT.
Check out our structured, programmatic “IT Manager as a Service” approach to help you.