If you’re running a business in New Zealand, privacy comes with the territory. Handled well, it builds trust. Handled poorly, it can hurt. The New Zealand Privacy Act 2020 isn’t just a legal box to tick - it’s about being clear, intentional, and respectful with people’s information.
What actually matters?
If you’re collecting personal info, you need to know:
- what you’re collecting
- why you’re collecting it
- who has access to it
- how long you’re keeping it
💡 And importantly - people can ask to see it, update it, or have it deleted.
Yes, you need a privacy person (even if it’s you)
Every New Zealand business needs someone responsible for privacy.
For most small teams, that just means owning it internally - not overcomplicating it.
💡 If something goes wrong or someone has a question, it’s clear who handles it.
A better way to think about it
The best approach? Keep it simple and intentional.
- Only collect what you actually need
- Don’t hang onto data “just in case”
- Clean things up as you go
💡 Less clutter = less risk (and a cleaner website and CRM)
5 quick wins you can do this week
- Check your privacy policy is up to date and easy to understand
- Review what data your website is collecting (forms, tracking, plugins)
- Remove access for offboarded staff or unused accounts
- Turn on multi-factor authentication where you can
- Delete data you no longer need
Good privacy isn’t complicated - And when you get it right, it becomes part of a better customer experience.
If you want to sense check where you’re at, these are a great place to start:
If you’re not sure where you sit, happy to help.
