In today’s world, protecting our personal information from corruption, compromise, or loss is essential. The European Union’s (EU) newly implemented General Data Protection Regulation (GDPR) is a big step toward safeguarding data and fundamentally changes how data is handled in every sector.

The regulation applies to data controllers and data processors based in the EU, as well as those offering goods or services to people living within the EU or those who monitor the behavior of EU residents. It is enforced by the Data Protection Authorities in each EU Member State and aims to harmonize data protection laws across the region. Not complying with the GDPR can result in a fine of $20 million euros or four percent of a business’ annual global revenue.  

What Canadian businesses need to know

The GDPR not only applies to organizations located within the EU but to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Canadian organizations need to abide to this regulation if they offer goods or services to, or monitor the behaviour of, EU data subjects. 

SCC, with the help of the Canadian Advisory Committee on GDPR (CAC-GDPR), developed this guidance document to introduce Canadian organizations to the GDPR and recommend standardization solutions that can facilitate compliance. 

The information provided here will help organizations take the first steps on their path to compliance and guide them on the use of relevant standards. However, it is important to note that the GDPR is a complex regulation and complying to standards alone will not be sufficient to comply with the GDPR.

SCC is also leading the Data Governance Standardization Collaborative (DGSC), a cross-sector coordinating body whose mandate is to foster coordination and collaboration on data governance standardization issues. In turn, help to identify key industry-wide data governance standards, specifications, and conformity assessment solutions for development that are consistent with stakeholder needs; and, facilitate the growth of data governance capabilities in line with national and global priorities. Please contact Anneke Olvera, DGSC Secretary.

Additional Resources 

Official resources from EU governments

• European Commission: 2018 reform of EU data protection rules 
• The European Data Protection Board (EDPB) 
• European Commission, Article 29 Working Party Guidelines 
• Guide to the General Data Protection Regulation (GDPR) 
• Data Protection Commissioner: Dublin and Portarlington
• RGPD: passer à l’action (French only)

Resources from Canadian government bodies

• Office of the Privacy Commissioner of Canada 
• Information and Privacy Commissioner of Ontario (PDF)
• Office of the Information and Privacy Commissioner of British Columbia 
• La Commission d’accès à l’information du Québec (French only)

Other useful resources

• Privacy and Access Council of Canada
• Canadian Federation of Independent Business 
• Canadian Marketing Association (CMA)

DISCLAIMER: The information presented on this website is for informational purposes only and should not be construed as legal, or other advice for any particular issue or subject, including compliance with relevant laws. You must consult a professional advisor that is familiar with your particular situation for any such advice.