The GDPR, which stands for General Data Protection Regulation, is new data privacy legislation implemented by the EU government to provide individuals with more protection and control over their personal data. The GDPR, which officially came into force May 25th, 2018, is set to affect and apply to any organization that does business within the EU. This includes any organization outside of the EU that offers goods and services to customers or businesses within the EU.
This new regulation forces organizations to have a lawful system for handling personal data or face the risk of heavy fines. The GDPR was created to bring outdated laws across the EU into one unified legislation that fits into our increasingly digital society. This is necessary given that almost every aspect of our lives involves the use of personal data, making it essential that we provide the necessary frameworks to protect our privacy.
The GDPR requires companies to be more proactive in getting consent to collect and store data from their customers. All EU citizens now have a right to see any information companies possess on them, including a right to have information permanently deleted. The new regulation gives individuals the power to have their personal data erased if it no longer serves the purpose it was collected for, if consent is withdrawn, or if there is a lack of a legitimate reason to use such information. The GDPR also gives individuals easier access to information held about them, and organizations must provide requested information within a month.
However, privacy experts say that many small to mid-sized Canadian companies are not aware of these new data regulations. Any Canadian business that collects personal information about residents of the EU, including tourists, students or customers, must adhere to the new GDPR law or risk a fine of up to $30 million. Whether you are a company selling products in Europe, an organization with customers who are residents of the European Union, or a website tracking information in the EU, the GDPR applies to you.
There are a number of measures organizations must take to make sure they are GDPR compliant. The first step in preparing for this new regulation is making all stakeholders in your business, including customers and employees, aware of this new privacy legislation. For more details on the GDPR and how it might affect your business, read the full EU GDPR legislation here.