New Zealand: Standard for providing non-government third parties with access to, or collection of, government-held personal information enters into force

Standard for providing non-government third parties with access to, or collection of, government-held personal information enters into force

On 1 July 2025, the Data Protection Standard for providing non-government third parties with access to, or collection of, government-held personal information entered into force. The Standard sets out requirements for public service agencies to follow when engaging with third parties, including the obligation to conduct a risk assessment and, where required, to establish legally binding agreements. These agreements must define the legal basis for sharing, specify the permitted purposes, and include provisions for conflict of interest disclosure and management.

Original source

Scope

Policy Area

Public procurement

Policy Instrument

Public procurement access

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

central government

Complete timeline of this policy change

Hide details

2025-05-01

adopted

On 1 May 2025, the Government Chief Digital Officer (GCDO) issued the Data Protection Standard for …

2025-07-01

in force

On 1 July 2025, the Data Protection Standard for providing non-government third parties with access…

Description

Standard for providing non-government third parties with access to, or collection of, government-held personal information enters into force

Scope

Complete timeline of this policy change