What you need to know about the European Union’s new general data protection regulations (GDPR)

What is the GDPR? 
The General Data Protection Regulation (GDPR) is intended to strengthen and unify data protection law in the digital age. It means that any organisation – large or small – processing or controlling personal data from the European Union must comply with the legislation. The European Union’s new privacy law came into effect on May 25th, 2018.

Who does GDPR apply to?
As a small business owner, if your business has clients, customers or website visitors in the European Union, you must be in compliance with the GDPR. For example, if your head office is located in Canada, and you collect personal data from European citizens (i.e., through subscription forms on your website, or by sending commercial emails), the GDPR applies to you and it is your duty to comply. However, if you communicate exclusively with Canadian and North American contacts, the GDPR does not apply to you. In your case, only Canada’s Anti-Spam Law (CASL) applies.

How should I comply? 
Even if you’re not doing business in Europe but you operate globally, the GDPR is being seen as the standard for privacy terms worldwide. Rather than maintaining several different policies for different regions, an SME might find it easier to follow the GDPR guidelines.

Interested in learning more?

  • The UK Information Commissioner’s Office has an excellent guide to the GDPR, as well as practical information for Small Business owners.  
  • European Commission website: in the “Library of related documents” section, you can find a range of documents for businesses, including “Seven steps to get ready for the GDPR.”
  • The International Association of Privacy Professionals (IAPP) is the world’s largest global information privacy community, and organizes regular conferences and workshops on the GDPR.
  • EU GDPR Masterclass Webinar organized by the Canadian Trade Commissioner Service in September 2017. While the first part of the webinar is more closely targeted to policymakers, the second presentation by a data protection lawyer may be of interest for businesses seeking information on the GDPR.
  • Visit the European Commission’s online guidance on data protection reform – available in all EU languages: 
  • Consult the national Data Protection Authority 

Still have questions?

CFIB's Counsellors are available to answer your questions. Contact us at cfib@cfib.ca or by calling 1-888-234-2232.