You Better LAWYER UP!
Just kidding.
But we are hoping you won’t have to after we help you get to know the European Union’s new GDPR, in effect as of today, May 25th, 2018. So, what’s with this European General Data Protection Regulation (or GDPR)? And how does it affect the average Canadian business owner?
The GDPR is a cohesive system of privacy regulation for the European Union and affects all companies, organizations, and businesses that process an EU citizen’s personal data – that is, anything that effectively identifies an individual. The reason the European Union has implemented this new regulation is that the previous data protection laws had not been changed for over twenty years. Now, if you think about how far we have come in terms of technology, data transmission, and storage, and all the privacy scandals happening right now (ahem, Zuckerberg & Cambridge Analytica), you can see why this might be an issue. So, the EU took initiative in April of 2016, and two years later they finally have some decent protections in place regarding personal data.
Everything the GDPR regulates relates to personal data. Any company that processes personal data from a member state, is established in a member state, or processes data using equipment located in a member state must adhere to these new laws. If you are offering goods or services to EU residents or monitoring the behavior of any EU resident(s), this affects you. This means the new regulation has the potential to affect companies that have no ties or operations in the EU. The personal data held could be as simple as a name and email address from an EU citizen, stored on an email list that has never been used – you still have their data!
As of today, the GDPR states an individual must give informed, meaningful, unambiguous consent to the processing of their personal data. This means you will need a contract with proper explicit consent from the individual, and you must give them the proper options to opt out, object, or withdraw consent at a later time if they choose to do so. The Directive provides an accountability requirement for companies to implement proper security measures to ensure an individual’s data is protected, and a requirement of a data breach notification so that a user is notified at the time of any data breach.
Basically, what this all means is that the collection, usage, and storage of personal data are being protected and regulated more than ever before, in an attempt to catch up to the rate of data collection & usage going on today. This is setting an important standard for online privacy, and we have a long way to go in terms of protecting our personal information – that is, if that’s something important to you!
If you have any questions regarding GDPR and how it may affect your data online, give us a call to chat! We’re happy to help!