Increasingly, governments around the world are looking for ways to protect their citizens’ personal data from corruption, compromise, and loss. In 2018, the European Union (EU) implemented the General Data Protection Regulation (GDPR) as a step toward protecting the privacy of EU citizens.

THE GDPR fundamentally changed how EU data needed to be managed across all sectors, from banking to health care. It applies to any organization in the world which has collected EU data as a course of daily business.

This regulation had worldwide impact and significant implications for Canadian organizations. Since it can be difficult for a company to know whether an individual is an EU citizen or resident, this regulation posed new challenges for Canadian organizations. Companies that fail to abide by this regulation can face fines of up $20 million euros or four percent of their annual global revenue. For this reason, it was critical for Canadian companies to understand it so that they could meet the new EU regulatory obligations.

SCC supported Canadian companies by establishing the Canadian Advisory Committee on GDPR (CAC-GDPR) as part of its Innovation Initiative. The committee acted as a national forum to influence the development of standards and conformity assessment schemes related to GDPR, data protection and privacy in general.

SCC worked alongside the CAC-GDPR to facilitate the development of a guidance document to introduce Canadian organizations to the GDPR and to recommend standardization strategies that could support compliance to this new regulation. Although these standards are not directly referenced in the GDPR, they provide a strong foundation for Canadian organizations to show compliance with GDPR.