Privacy and Data Governance
Data drives modern business. Managed well, it becomes a competitive advantage.
What We Do
Data underpins modern business.
Data underpins modern business.
Managing it responsibly can be a competitive advantage. As AI redefines how organisations work, strong data privacy compliance is fundamental.
Services Offered
01
Privacy Compliance Programmes
Privacy compliance is a business priority as well as a legal requirement. HAVN Law helps organisations build practical privacy programmes aligned with the New Zealand Privacy Act 2020 and the GDPR. This includes mapping personal information flows, identifying where risk sits and implementing policies and procedures to manage day-to-day obligations and respond effectively when issues arise. A clear framework reduces regulatory and reputational risk and provides a defensible position where required.
03
Data Privacy in Contracts
The outcomes of a privacy impact assessment need to be reflected in the contract. Every commercial arrangement involving personal information creates risk. These obligations are often treated as boilerplate, but when not properly addressed, organisations may lose control over their data and have limited recourse if something goes wrong. HAVN Law ensures privacy and data obligations are clearly defined and enforceable, including risks around unauthorised use, third party sharing, retention, data subject access and cross-border transfers.
02
Privacy Impact Assessments (PIAs/PDIA)
A privacy impact assessment identifies and addresses privacy risk at the outset of a new product, system or vendor relationship. HAVN Law supports organisations to carry out PIAs and DPIAs early, providing legal input to identify risk, challenge assumptions and ensure outcomes carry through into procurement, contracting and governance. Addressing risk early is far less disruptive than fixing issues later. Mandatory under the GDPR for high risk processing, and increasingly expected under the New Zealand Privacy Act 2020, these assessments also provide a clear record that risks were considered and addressed from the outset.
04
AI and Data Privacy
AI systems create privacy obligations that many existing programmes were not designed to address. A common risk is staff inputting personal or sensitive information into AI tools without understanding how that data is used or retained. More broadly, AI can involve large scale data collection and reuse that sits uneasily with privacy requirements around purpose limitation and minimisation. HAVN Law works with organisations adopting AI and technology providers building AI into their products to assess whether current approaches remain fit for purpose or require adjustment.
01
Privacy Compliance Programmes
Privacy compliance is a business priority as well as a legal requirement. HAVN Law helps organisations build practical privacy programmes aligned with the New Zealand Privacy Act 2020 and the GDPR. This includes mapping personal information flows, identifying where risk sits and implementing policies and procedures to manage day-to-day obligations and respond effectively when issues arise. A clear framework reduces regulatory and reputational risk and provides a defensible position where required.
02
Privacy Impact Assessments (PIAs/PDIA)
A privacy impact assessment identifies and addresses privacy risk at the outset of a new product, system or vendor relationship. HAVN Law supports organisations to carry out PIAs and DPIAs early, providing legal input to identify risk, challenge assumptions and ensure outcomes carry through into procurement, contracting and governance. Addressing risk early is far less disruptive than fixing issues later. Mandatory under the GDPR for high risk processing, and increasingly expected under the New Zealand Privacy Act 2020, these assessments also provide a clear record that risks were considered and addressed from the outset.
03
Data Privacy in Contracts
The outcomes of a privacy impact assessment need to be reflected in the contract. Every commercial arrangement involving personal information creates risk. These obligations are often treated as boilerplate, but when not properly addressed, organisations may lose control over their data and have limited recourse if something goes wrong. HAVN Law ensures privacy and data obligations are clearly defined and enforceable, including risks around unauthorised use, third party sharing, retention, data subject access and cross-border transfers.
04
AI and Data Privacy
AI systems create privacy obligations that many existing programmes were not designed to address. A common risk is staff inputting personal or sensitive information into AI tools without understanding how that data is used or retained. More broadly, AI can involve large scale data collection and reuse that sits uneasily with privacy requirements around purpose limitation and minimisation. HAVN Law works with organisations adopting AI and technology providers building AI into their products to assess whether current approaches remain fit for purpose or require adjustment.
01
Privacy Compliance Programmes
Privacy compliance is a business priority as well as a legal requirement. HAVN Law helps organisations build practical privacy programmes aligned with the New Zealand Privacy Act 2020 and the GDPR. This includes mapping personal information flows, identifying where risk sits and implementing policies and procedures to manage day-to-day obligations and respond effectively when issues arise. A clear framework reduces regulatory and reputational risk and provides a defensible position where required.
03
Data Privacy in Contracts
The outcomes of a privacy impact assessment need to be reflected in the contract. Every commercial arrangement involving personal information creates risk. These obligations are often treated as boilerplate, but when not properly addressed, organisations may lose control over their data and have limited recourse if something goes wrong. HAVN Law ensures privacy and data obligations are clearly defined and enforceable, including risks around unauthorised use, third party sharing, retention, data subject access and cross-border transfers.
02
Privacy Impact Assessments (PIAs/PDIA)
HAVN Law structures supply and distribution agreements with the future in mind, not just the present. Issues such as pricing strategy, customer relationships, IP protection, exclusivity and brand use are addressed early, protecting the long-term commercial value of the relationship.
04
AI and Data Privacy
AI systems create privacy obligations that many existing programmes were not designed to address. A common risk is staff inputting personal or sensitive information into AI tools without understanding how that data is used or retained. More broadly, AI can involve large scale data collection and reuse that sits uneasily with privacy requirements around purpose limitation and minimisation. HAVN Law works with organisations adopting AI and technology providers building AI into their products to assess whether current approaches remain fit for purpose or require adjustment.
Let's talk about your business.
A short conversation to understand your objectives and how we can help.
Let's talk about your business.
A short conversation to understand your objectives and how we can help.
Let's talk about your business.
A short conversation to understand your objectives and how we can help.
