How to Stay Compliant Under NZ's Updated Privacy Act 2020


Jul 21, 2025

How to Stay Compliant Under NZ’s Updated Privacy Law

If your business collects, stores, or uses personal information in New Zealand, the Privacy Act 2020 applies to you. And if your team doesn’t fully understand what that means, you’re taking an unnecessary risk.

The 2020 update modernised New Zealand’s privacy law. It’s no longer just about having a privacy policy buried in a footer. It’s about how your team handles personal information day to day — from collecting it, to storing it securely, to knowing what to do if something goes wrong.

Let’s break it down in plain language.


What is the Privacy Act 2020?

The Privacy Act 2020 replaced the original 1993 version to reflect how businesses actually operate today. It introduced clearer rules, stronger protections for individuals, and real consequences for getting it wrong.

At the core of the law are 13 Information Privacy Principles (IPPs). These cover things like only collecting what you need, keeping information secure, and being transparent about how you use people’s data.


What’s new compared to the old Act?

Here are a few key changes every team should know:

  • If there’s a serious data breach, you must tell the Privacy Commissioner and affected individuals.
  • Even businesses based overseas have to comply if they’re collecting information about New Zealanders.
  • The Commissioner can now issue compliance notices and demand corrective action.
  • If you send personal information offshore, you need to make sure it’s still protected wherever it goes.

🥭 Mango Moment: Your team doesn’t need to memorise the law. They just need to understand how it applies to their work and what to do if something goes wrong. That’s where short, practical training comes in.


What does this mean for your staff?

Most privacy breaches happen because someone didn’t know better. Not because they were careless, but because they weren’t trained.

If your team is emailing sensitive files without encryption, leaving unlocked devices around, or collecting more data than they need, you’re exposed. And ignorance isn’t a defence.

Staff should know:

  • What counts as personal information
  • When they’re allowed to collect it (and when they’re not)
  • How to store it securely
  • What to do if a breach happens
  • How to respond if someone asks for a copy of their data

Make training easy, not annoying

Training doesn’t need to be long or overwhelming. In fact, the shorter and more specific, the better.

At MangoHR, we’ve built a series of short, bite-sized training videos that walk employees through what they actually need to know under the Privacy Act 2020. Each video ends with a quick quiz and gives staff a certificate of completion. That means no complicated setup and no chasing people for proof of training.


Why this matters more now

Customers and employees expect businesses to handle their personal data responsibly. The Privacy Act 2020 gives them the right to hold you accountable — and the tools to do it.

Training your staff isn’t just about ticking a compliance box. It’s about protecting your reputation, reducing your risk, and creating a privacy-aware culture that earns trust.

Want to see how it works?
Try our Privacy Act 2020 training module. It’s fast, practical, and built for New Zealand businesses.

Let’s make privacy easy. One Mango Moment at a time.