New Zealand: Government Chief Digital Officer issued Standard for providing non-government third parties with access to, or collection of, government-held personal information

On 1 May 2025, the Government Chief Digital Officer (GCDO) issued the Data Protection Standard for providing non-government third parties with access to, or collection of, government-held personal information. The Standard sets out requirements for public service agencies to follow when engaging with third parties, including the obligation to conduct a risk assessment and, where required, to establish legally binding agreements. These agreements must define the legal basis for sharing, specify the permitted purposes, and include provisions for conflict of interest disclosure and management. The Standard will apply to all public service agencies from 1 July 2025.