top of page

Online IR330 Forms—The Ultimate Checklist for Technical Performance

So you’ve decided that you want to move your IR330 data collection online through an app. Getting the IR330 tax code declaration is important for employers and payroll in New Zealand. Employers should look to collect their data online forms as a convenient and effective way to collect personal information from individuals on the internet. However, websites must ensure that they comply with applicable data protection laws and regulations, respect individuals' privacy and data protection rights, and provide clear and transparent information on how personal information is collected, processed, and used.

Here is our technical performance checklist under PICMI principles:

Protected Open Access

Online forms should have protected open access to ensure that users can access and complete the form securely, without the risk of unauthorised access or data breaches.

  • Have they consented to using a digital signature

  • Have they consented to transferring data digitally

  • Is this information an exclusion to digital signatures

  • Is the person signing in behind a log in that identifies them and it is their account

  • Can they make their own signature? (like name, font or “squiggle”)

Trusted and Authoritative

Online forms should be trusted and authoritative, including using electronic signatures, to ensure that users have confidence in the accuracy and integrity of the data collected and the organisation that collects it.

  • Are there tamper-proof measures to stop or detect unauthorised alterations, additions or deletions

  • Is the data secure end-to-end such that it cannot be intercepted and understood

  • Audit data is record: origin, destination, time

Well Managed

Online forms should be well-managed to ensure that they are easy to use, free from errors and omissions, and provide a positive user experience.

  • Can change the data when needed

  • Can the version of the data be seen

  • Can the originator of the data have a way to prove that later versions have not changed

  • Data is retained long enough

  • Understand how the data is going to be used (eg by third parties)

  • Do you have Data Privacy Officer

  • Is there data confidentiality

  • Where data is stored meets legal requirements (eg if offshore)

  • Are disaster recovery processes proven and reliable?


Online forms should have reusable data to improve efficiency, accuracy, convenience, consistency, and customization, providing a better user experience and improving data quality.

  • Can people avoid retyping the same information

  • Is data only available once data is agreed to be shared

  • Is your unique identifier legal

Made for People

Online forms should be made for people to ensure that they are accessible, easy to use, translatable and provide a positive user experience, regardless of the user's language, background, or abilities.

  • Collect only what is needed

  • Collect directly from the person

  • Fairly and legally collected for purpose

  • Reviewed that enough data is collected to meet legal requirements

  • Does the law require language to be in English

  • Does the law require numbers to be in Arabic numerals

  • Is the meaning transparent

  • Is the language plain

  • If necessary, does it translate well (eg using google translate)

Reasonably Priced

Online forms should be reasonably priced to ensure that users can access and complete the form without financial barriers or undue costs.

  • Do you charge for access

  • Do you charge for changes


Collecting data respectfully and legally is key to establishing and maintaining a good business and a good relationship with potential employees and having the information at the ready for compliance purposes.

Discover exactly how to audit proof your IR330.

Take our PICMI Scorecard™ and get a “freakishly accurate” assessment of your business' top strengths and weaknesses in less than 10 minutes.


bottom of page