Noncompliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.
New Zealand employers can be fined up to $10,000 for failing to notify the Commissioner of a notifiable privacy breach (Art. 118). Other instances where $10,000 fine may apply include when obstructing, hindering or failing to comply with a lawful requirement of the Commissioner or other person under the Privacy Act 2020 (Art. 212).
HR Best Practices: Before collecting or processing personal data, make sure to be in line the security measures necessary to ensure data security within your organization.