Many website-based companies have made lots of changes in terms of how they handle client information recently. You may have noticed that a lot of them have been sending you emails how they updated their privacy policies. The European Union (EU) has updated their General Data Protection Regulation (GDPR) policies and even though not all countries belong to the EU, many of them hold data that are of concern to the citizens of the EU. This, of course, includes many companies in Canada. So, the question stands – does the new GDPR laws apply to Canada and the companies in Canada?
There may be already laws that facilitate that comings and goings of a number of sensitive data and information among Canadian companies and between entities based on EU, but the ruling on General Data Protection Regulation (GDPR) may change things up a bit and have a significant impact on the things that are going on right now. The current law that’s in place as of the moment is the The Personal Information Protection and Electronic Documents Act, known as PIPEDA. Generally speaking, the EU does not meet eye to eye with many stipulations in the PIPEDA and so to go around this, companies, that obtain, store and process information that are connected to the people within EU should comply to the Standard Rules as set by the GDPR.
This means that Canadian companies will have to go over a review on all the information they have and sort out the ones that are from citizens of the European Union. Aside from this they will have to prepare a list of all the people or groups of people within their company who have access to these particular data. This includes the people who gathered such information and the people who have access or may have access to these information at one point in time or another and even the server systems and programs that facilitate the handling of these information. This list should be ready in case the proper authorities from the EU might need them. If a company or a retailer wishes to collect personal data from an individual, it’s best to ask that person’s consent first before engaging in any data collection activity or even the mere sending out a welcome email. Another important thing to take note is that companies must give full access to the personal data of the people who own them and, in some case, have the ability to “forget” certain individuals. The first step in going about this is of course to sift out data that cover the rules laid out by the GDPR so that they can easily reorganize this sifted data to be set in compliance with the new GDPR policies.
That being said, companies that are caught to be violating the new rules set down by the GDPR rulings and are still adhering to old laws may find themselves in front of a host of penalties. There are basically two-tiers in sanctions. The most sever sanction can have a company fined for €20 million or 4% the total turnover or whichever is higher. These information are sensitive and can cause a tremendous amount of damage to both institutions and individuals should they be improperly handled and so should be most apparent to companies that compliance to the new law cheaper and more effective choice when it comes to securing the privacy of each client. Resistance is futile.
It’s rather important to note that the new GDPR policies apply not only to data analytics companies but also to brick and mortar retail companies that deal with their customers face to face, and so that includes high street shops too. If the stores and companies have been found out to be violating the rules and procedures laid down by the GDPR, they will receive the same sanctions that all other violating companies receive across the board. This means that even shops that perform some sort of customer-relations such as sending out emails to them means they are in possession of personal information to these customers and if they are found out that they are not holding up to standard procedure, they too shall incur similar penalties.
These are just the basics we have covered in regards to the GDPR. If you are a company owner or a retailer, this should make you aware of the policies and implications of the violation of these policies so it’s rather best to start complying as soon as possible to avoid unwanted entanglements from the EU or worse, exorbitant fines. If your company collects data in any way shape or form and have a clientele based on the EU, it’s best to get brushed up real soon and have all your data sorted out to comply to the new chances in the GDPR.
