Learn@IoD
Cart

Transformative Digital Data Rights Bill progresses

New Zealand is on the verge of enacting a transformative consumer data rights framework.

type
Article
author
By Susan Cuthbert, Principal Advisor, IoD
date
21 Jan 2025
read time
2 min to read
Transformative Digital Data Rights Bill progresses

New Zealand is on the verge of enacting a transformative consumer data rights framework with the Customer and Product Data Bill. The Bill has passed the select committee stage with the Select Committee recommending its adoption. Expected to come into force later in 2025, this legislation will redefine how data is accessed, shared and governed. For directors it presents an opportunity to enhance organisational governance while addressing new compliance obligations.

The Customer and Product Data Bill establishes a "consumer data right" empowering individuals to dictate how their personal data is accessed and shared. Banking and electricity are among the first sectors to implement the framework. Accredited third parties will require explicit authorisation to access customer data, ensuring consumer trust and regulatory alignment.

Boards must oversee the integration of these requirements into organisational practices. Operational responsibility lies with management but directors play a key role in ensuring the adequacy and effectiveness of systems and policies.

Opportunities for directors

The legislation introduces opportunities for innovation and enhanced governance. Directors can lead by:

  • Enhancing transparency: Aligning operations with consumer expectations on ethical data use
  • Driving innovation: Using secure data-sharing protocols to foster partnerships and develop new services
  • Strengthening market position: Demonstrating leadership through early compliance and proactive governance

Risks and responsibilities

Directors must mitigate key risks:

  • Privacy compliance: Ensuring organisational policies align with regulatory standards particularly on consent and data use
  • Cybersecurity: Overseeing the development of robust systems to protect against breaches
  • Reputation management: Minimising the risk of missteps in data handling that could erode stakeholder trust

Directors remain accountable for ensuring an effective compliance framework. This involves regular oversight, independent validation and ensuring management is adequately resourced to meet these obligations.

The road ahead

Boards should prioritise discussions on digital strategies and data governance using tools such as the IoD’s Four Pillars of Governance Best Practice. Building expertise in data governance is now essential to safeguarding organisational interests and fostering stakeholder trust.

Related content