Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
EU - New Zealand: GDPR v. The Privacy Acts
In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Privacy Act 1993 (the Privacy Act) and the Privacy Act 2020 (the Privacy Act 2020).
The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Privacy Acts with the GDPR.
You can access the latest version of the report here.
What are the Privacy Acts?
Personal data protection in New Zealand was primarily regulated through the Privacy Act and its 12 Information Privacy Principles (IPPs). However, on 26 June 2020, Parliament passed the Privacy Act 2020, which came into force on December 1, 2020. The Privacy Act 2020 repeals and replaces the Privacy Act and contains 13 IPPs that govern the use of personal information in New Zealand.
Key highlights
The PDPA and the Privacy Acts share broad similarities and share certain fundamental concepts and approaches within the realm of data protection:
- similar definitions for processing for research purposes;
- data subject rights, such as the right to be informed and the right of access; and
- their approaches to civil remedies for damages.
However, despite their similarities, the Privacy Acts and the GDPR also differ sometimes in their approach, such as:
- their personal and material scopes;
- how they define personal data, pseudonymization, and controllers and processors; and
- their approach to data processing records and Data Protection Impact Assessments.