New Zealand marketers and GDPR

The General Data Protection Regulation (GDPR) is a hot topic at the forefront of marketers minds around the world. It prescribes new rules for collecting and using personal data of individual EU citizens.

Personal data can be broadly classified as any information relating to an identifiable individual, including, but not limited to:

  • Name
  • Address
  • ID Numbers
  • Cookie data

One of the main objectives of the GDPR is to improve the privacy protections that apply to the personal data of European citizens.  This includes new rules, such as:

  • The right to be forgotten (data erasure)
  • Portability of personal data
  • More specific consent requirements.

Who does the GDPR apply to? 

The GDPR applies to any organisation established in the European Union that is processing personal data. 

It also applies to any organisation that offers goods or services to, or monitors the behaviour of, EU citizens, regardless of whether the organisation has a presence in the European Union or whether the processing is conducted within the European Union. 

For many New Zealand based customers, it may not necessarily be the case that GDPR applies to your entire business, and we encourage you to take legal advice on that point.

Where to start?   

Once you have worked out how GDPR might apply to your organisation, a good place to start is often to improve your privacy baseline:

  • Understand what data you collect and what you do with it.
  • Use this information to improve your data security, consent and lead generation processes.
  • Build in a process for considering the privacy implications of collecting new types of data or new ways of using the data you collect.

Consumers are increasingly concerned around their data and how it’s being used. Taking these steps can provide wider benefits to your organization, even if you are only likely to be subject to GDPR in limited circumstances.

New Zealand itself is currently in the process of passing a new Privacy Bill which will include strengthened enforcement powers for the Privacy Commissioner and  mandatory breach reporting. Being compliant with New Zealand Privacy legislation is a good step to improving your overall privacy baseline, and aligning these to what may be required under the GDPR.

How to collect consent?

Under the GDPR, an organisation must be able to justify each type of data processing activity it conducts. One way of doing that (but not the only way) is by gaining the individual’s consent.

GDPR sets high standards for obtaining consent.  For marketing purposes an individual must have the opportunity to make the actual choice to provide consent - the opt-in should be clear and require direct action by the individual.

How does Qrious protect data?

At Qrious we understand the importance of aligning our data security approach with industry benchmarks.

Qrious uses a number of data security practices to protect personal information. Currently these include:

  • Staff security policies and ongoing training
  • Strict development policies in line with Open Web Application Security Project (OWASP) principles.
  • Insomnia penetration testing of the UbiQuity platform
  • Extensive security standards for accessing the UbiQuity platform including password complexity rules, IP restrictions, and Two Factor Authentication
  • And we house UbiQuity data in a secure environment with comprehensive physical controls including air conditioning, back-up power arrangements, fire detection and suppression equipment, and temperature and humidity monitors

For more information on how to prepare for the GDPR watch our webinar presented by Qrious CEO Nathalie Morris and Senior Legal Counsel Ben Winslade.


Legal Disclaimer: The information in this guide does not constitute legal advice. This is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organisation needs to comply with the GDPR.


Contact us


Head Office, Auckland

167 Victoria Street West

Auckland 1010

New Zealand


42-52 Willis Street

Wellington 6011

New Zealand

We'll contact you

Receive insights from Qrious

Follow Qrious on social media

Share a link to Qrious

Copy link

Link to Qrious on social media