Guidance for Canadian businesses
The European Union’s (EU) General Data Protection Regulation (GDPR) is a big step toward safeguarding data: it changes how data is handled in every sector. That’s important in today’s world, where protecting personal information is essential.
The regulation applies to:
- companies based in the EU that have access to or process personal data
- companies that sell goods or services to people living in the EU (even if the company is based elsewhere)
- companies that monitor the behaviour of EU residents
It is enforced by the Data Protection Authorities in each EU member state and aims to harmonize data protection laws across the region. Businesses that do not comply with the GDPR can face a fine of 20 million euros or 4% of their annual global revenue.
The GDPR applies to all companies that process and hold the personal data of people living in the EU, no matter where the company is located. Canadian organizations need to abide by this regulation if they sell goods or services to, or monitor the behaviour of, individuals in the EU.
DISCLAIMER: The information presented on this website is for informational purposes only and should not be construed as legal or other advice for any particular issue or subject, including compliance with relevant laws. You must consult a professional advisor who is familiar with your particular situation for any such advice.
Learn more
Resources
A variety of organizations from Europe and Canada offer guidance and information on the GDPR that may be useful.
- Rules for business and organizations: What your organisation must do to comply
- Guidelines, recommendations, best practices
- Guide to the UK General Data Protection Regulation: Data protection principles, rights and obligations
- Terminology, application, and key provisions
- Access and privacy competence
- Privacy laws in Canada: How do the rules affect your business?
- Advice from the Data Protection Commission
Get involved
SCC leads the Data Governance Standardization Collaborative. This cross-sector coordinating body’s mandate is to:
- encourage coordination and collaboration on data governance standardization
- help to identify key industry-wide data governance standards, specifications and conformity assessment solutions that meet stakeholder needs
- facilitate the growth of data governance capabilities that fit national and global priorities