Office Document Strategies Blog

European Privacy Legislation Has Impact For Canada

Posted by Lee Kirkby on Wed, Jun 6, 2018 @ 07:06 AM

Its been a couple of weeks since the new EU privacy legislation has come into effect.  This legislation is the strongest and most defined legislation dealing with the use of data collected through online activities and could easily become a model for what happens in other jurisdictions including  Canada and the US.EU Flag

General Data Protection Regulation (GDPR

This EU legislation was passed in 2016 and came into effect May 25th this year.  It spells out the provisions on how private data about EU citizens must be handled and protected and then also spells out the penalties which could be enacted in the event a company or individuals are proven to be negligent in not meeting the provisions.

Because it deals with all EU citizens and any private data collected there is a broad range of businesses in Canada which could be affected and which will need to make sure their data management is conducted in compliance.  This could mean banks, travel related businesses, car rentals, Air BNB rentals, etc.  It shows that compliance is not only an issue for large organizations but could also reach down to some pretty small ones as well.

As is common with many new government regulations there is lots of noise about implementation and then not much is said following that unless there are complaints and court cases which result.

This one is no different and right off the bat a lawsuit was started against some of the biggest players alleging they are not complying. 

GDPR violation lawsuit filed, watch out for EU country-specific tweaks  This recent article in IT World Canada outlines details of the first case launched under the legislation and also offers some ideas of the national twists which you could become impacted by.

Hidden impacts

One of the features of the personal data covered includes the IP addresses of individuals who might hit on a web site or link.  This hidden connection can be problematic for almost any business which has information on their site which could attract persons from around the world.  This is something which affects virtually any site in Canada (including this one) and could thereby bring the GDPR regs into play for that organization.  While the potential of someone initiating a challenge on the way this type of data is collected for smaller and less publicly aggressive sites is pretty low, there is still a potential.

The challenges to be compliant are potentially significant and many organizations are going to need help.  Some of the steps firms are taking to comply are covered in another IT World article from a couple of weeks ago but you may find other resources close to home that can help.  It may be worthwhile to check with your line of business software supplier to see if they have developed anything to respond as most of these types of packages include data management tools within them.

Since our business world has expanded in ways which see many more direct contacts from jurisdictions outside our country's borders being aware of and responding to this kind of legislative change is now a necessity.  While we need to watch what is happening at home, being aware and responding to external potentials is also an important consideration.

Lee K

Legal Use of DM in Canada Button

Office Document Strategies blog signup

Photo Credit: Wikimedia Commons Images: Sébastien PODVIN

Topics: data security, Canadian Legislation, Canadian IT