New Zealand: Issued Office of the Privacy Commissioner guidelines on model contract clauses for sending personal information overseas

On 19 November 2020, the New Zealand Privacy Commissioner released guidelines with model contract clauses for sending personal information overseas, following the Privacy Act 2020. Under the new privacy principle 12, businesses must ensure personal data sent abroad is protected by privacy standards comparable to those in New Zealand. This can be achieved through contractual safeguards, which specify how overseas recipients must handle the information. Model contract clauses have been provided to help businesses, especially SMEs, comply with these rules. However, cloud storage providers holding data for New Zealand clients are exempt unless they use the data for their own purposes.