Guidance for Canadian businesses

The European Union’s (EU) General Data Protection Regulation (GDPR) is a big step toward safeguarding data: it changes how data is handled in every sector. That’s important in today’s world, where protecting personal information is essential.

The regulation applies to: 

  • companies based in the EU that have access to or process personal data
  • companies that sell goods or services to people living in the EU (even if the company is based elsewhere) 
  • companies that monitor the behaviour of EU residents


It is enforced by the Data Protection Authorities in each EU member state and aims to harmonize data protection laws across the region. Businesses that do not comply with the GDPR can face a fine of $20 million euros or 4% of their annual global revenue.  

The GDPR applies to all companies that process and hold the personal data of people living in the EU, no matter where the company is located. Canadian organizations need to abide by this regulation if they sell goods or services to or monitor the behaviour of individuals in the EU.


DISCLAIMER: The information presented on this website is for informational purposes only and should not be construed as legal or other advice for any particular issue or subject, including compliance with relevant laws. You must consult a professional advisor who is familiar with your particular situation for any such advice. 

Learn more

Cover report - Understanding GDPR

Helping you understand GDPR

SCC developed this guidance document with help from the Canadian Advisory Committee on GDPR. It will help you take the first steps toward compliance, guide you on using the standards and recommend standardization solutions to facilitate compliance. 


Read report


A variety of organizations from Europe and Canada offer guidance and information on the GDPR that may be useful.

Get involved

SCC leads the Data Governance Standardization Collaborative. This cross-sector coordinating body’s mandate is to: 

  • encourage coordination and collaboration on data governance standardization 
  • help to identify key industry-wide data governance standards, specifications and conformity assessment solutions that meet stakeholder needs
  • facilitate the growth of data governance capabilities that fit national and global priorities 


Get involved