New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield.

“The Schrems litigation has again sent international shock waves in striking down a key EU/U.S. arrangement designed to facilitate data flows known as the Privacy Shield.”

“The decision does not directly affect transfers of data from

New Zealand’s Government Cyber Security Centre has issued a guide on incident response, laying out key steps designed to help business leaders and cybersecurity professionals strengthen their organizations’ ability to manage and respond to cybersecurity incidents.

The guide lists five incident management steps:

  • Define Roles and Responsibilities
  • Identify Threats and Assets
  • Have a Plan
  • Logging,

Click to accept – not always good enough, says the New Zealand Privacy Commissioner.

Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the individuals.

In the case of a “clicked consent,” the Commissioner will also check:

  • Why the company believes that click