GDPR and Canadian organizations:
Addressing key challenges
The regulation frequently referred to as the strictest data-protection law in the world came into effect on May 25, 2018. While it is European Union (EU) legislation, organizations from Canada are not immune. Our report GDPR and Canadian organizations: Addressing key challenges explores the principal compliance areas and potential solutions to challenges. It answers in full such key questions as:
What is the GDPR?
The new General Data Protection Regulation (GDPR) has three main purposes:
- Harmonize the national data protection laws of all EU member states.
- Ensure that organizations identify all personal data they handle from individuals in the EU and specify how it is protected, so that they can be fully transparent about their practices.
- Grant customers new privacy rights and greater control over how their personal information is used by organizations.
It means business: the maximum penalty for non-compliance is four per cent of an organization’s global turnover or up to €20 million.
Read our report to learn more about the GDPR and how to ensure your organization is ready for this legislation.
What types of Canadian organizations does the GDPR affect?
The following chart illustrates the four types of Canadian-based organizations subject to the GDPR:
What are the key GDPR compliance challenges?
The GDPR should be considered a team sport. Unlike previous privacy and data protection regulations, the responsibility for compliance does not fall squarely on the privacy, legal, or compliance team. Building and sustaining a GDPR-compliant program requires a coordinated effort between the technology, business, customer service, privacy, legal, and marketing (including digital) teams, as well as the data function. Because meeting the legislative requirements will change business operations across the entire organization, it is important that business executives and their teams work together to support GDPR activities.
What can I do to prepare?
Canadian organizations should consider taking the following actions to successfully develop, implement, and sustain an enterprise-wide strategic plan that supports all business units with GDPR compliance: