
How the GDPR is affecting Canadian business

Posted by: Next Digital  |  May 25, 2018

If your Canadian business collects or has collected personal data from European customers, you need to make sure you are not violating the new EU privacy law, the GDPR, that took effect today (Friday, 25th of May, 2018). These rules apply to any business, be it a small retailer that sells online or an educational institute. Violations involving personal information on any resident of the European Union, whether student, tourist, online customer or otherwise, can result in a maximum fine of $30 million.

Chances are, if you subscribe to e-mail marketing, run online ads or use analytics-reporting tools, you’ve recently received an email about updates to your account settings to comply with the GDPR. These emails have left people wondering what these EU data privacy rules are and how the GDPR is going to affect their business.

The General Data Protection Regulation (or GDPR) is a legal framework that requires all businesses to protect the personal data and privacy of European residents. This gives individuals the power to demand that companies reveal or delete the personal data they hold on them. Companies like Apple have launched privacy portals, where you can request your data, save it for your personal files, delete or deactivate your account or make corrections. The “Apple ID & Privacy” website will be available for Canadians later this year; currently it is only for the EU, Iceland, Liechtenstein, Norway and Switzerland. For more information on Apple’s privacy portal, please read our blog “Apple Launches Privacy Portal”.

If you’re a Canadian SMB and you’re starting to freak out about the potential effects of the GDPR, the best thing to do is relax, which might be easier said than done. The GDPR and PIPEDA (Canada’s Personal Information Protection and Electronic Documents Act) have differences, but ultimately try to achieve the same thing. Both highlight transparency about what personal data is collected and how it is being used, and both include giving people notice that their personal data is being collected and a chance to say no to having it collected.

Your business’s biggest hurdle might be the requirements for getting consent to collect data and for record-keeping; those in the GDPR are much more specific than in PIPEDA. Take this time to demonstrate that your company has made the effort to protect your customers’ data.

  • If you have website tracking, make sure your customers are aware and have accepted conditions in the terms that include tracking.
  • Build a Privacy Plan. Understand what identifiable information you are collecting and make a plan to protect that sensitive information. And if you suffer a data breach, report the affected clients within 72 hours.
  • Follow up your Privacy Plan with a Privacy Policy, stating what information you are collecting, how it is being collected, why you are collecting personal data, whether the data is shared with a third party and how customers can get their personal information removed.

For more information, please contact us at Next Digital.