Breaking into the European market can mean successful scale-up for many Canadian companies, but it can also mean stiff financial penalties if privacy is not protected. The European Union (EU) has enacted its General Data Protection Regulation to protect personal information from compromise and loss, and it changes how data is now handled across every sector.
The regulation, which came into effect in 2018, applies to data controllers and data processors based in the EU, as well as those offering goods or services to people living within the EU or those who monitor the behavior of EU residents. It is enforced by the Data Protection Authorities in each EU Member State and aims to harmonize data protection laws across the region.
What Canadian companies need to know is that the GDPR not only applies to organizations within the EU, but to any companies processing and holding personal data of people residing within the EU, no matter where the company is located. Canadian companies, as those anywhere else in the world, need to abide by this regulation or face stiff fines to the tune of $20 million euros or four percent of a business’ annual global revenue.
Understanding the GDPR and how to comply can be challenging for Canada’s small and medium-sized enterprises (SMEs). To help smooth the path to compliance, SCC worked alongside the Canadian Advisory Committee on GDPR (CAC-GDPR), a body of experts from academia, government, law, and industry, to develop a guidance document to help organizations take the first steps and guide them on the use of relevant standards.
Together, we developed a unique guidance document to not only unwrap the key GDPR requirements but recommends key international standards to support their compliance process.
“Canadian SMEs know the high price that non-compliance to the GDPR can mean and the importance of understanding their legal obligations,” said Alex Heroux, project coordinator. “Together, we developed a unique guidance document to not only unwrap the key GDPR requirements but recommends key international standards to support their compliance process.”
Through its Innovation initiative, SCC supports Canadian organizations not only comply with data regulations, but to foster coordination and collaboration on data governance issues. For more information on how the Data Governance Standardization Collaborative is helping shape the future of data governance, and to download the new guidance document, Understanding GDPR: The role of standards in compliance, visit our website.