Skip to main content

General Data Protection Regulation (GDPR)

GDPR governs the processing of the personal information of EU residents.

The European Union’s (EU) General Data Protection Regulation (GDPR) came into force in May 2018.

The GDPR’s main purpose is to harmonise data protection laws across the EU. The law imposes a comprehensive set of principles and obligations on agencies who fall within its scope.

Agencies in scope of the GDPR

The GDPR applies to:

  • agencies operating in the EU (for example, who have staff living and working in the EU)
  • agencies outside of the EU that offer goods or services to the EU or monitor the behaviour of EU residents.

While the GDPR imposes additional obligations on agencies, and provides additional privacy rights to EU residents, an agency is likely to comply with most of its obligations under the GDPR if it complies with the Privacy Act. 

Agencies that are in scope of GDPR will need to ensure they have appropriate systems and processes in place to comply with all applicable additional obligations.

Office of the Privacy Commissioner — GDPR resources

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated