What is the GDPR?
The General Data Protection Regulation (GDPR) takes effect in the European Union tomorrow. Considered the world’s strictest online privacy law, the GDPR increases data protection for online consumers by applying regulations on organizations. Compliance is mandatory, regardless of the organization’s location, when dealing with EU citizens. Noncompliance can result in penalties up to €20 million or four per cent of the organization’s total global revenue, whichever is higher.
What are the GDPR’s most notable changes?
- Organizations must explicitly seek consumer consent for personal data collection and its use. In other words, organizations cannot bury data collection details within often lengthy terms-of-service agreements. This also means that if an organization wants to use data for something other than what a consumer has consented to, the organization must obtain consent again.
- Consumers can request their personal data files from organizations. If a consumer would like any or all of their data deleted, organizations must comply with their request.
- Organizations must keep consumer data safe. Data breaches must be reported to the organization’s national regulator within 72 hours.
- Organizations can no longer request more personal data in return for premium services.
How will this effect Canadians?
Canadian organizations that collect data of EU citizens must comply with the GDPR. Otherwise, they will be subject to the fines noted above.
A ripple effect may impact Canadian consumers as well. Some organizations have announced that they will extend GDPR rights to all users, regardless of their location. For instance, Microsoft has announced its commitment to privacy as a fundamental human right and will extend GDPR rights to all of its consumers worldwide.
CCLA advocates for internet privacy. To learn more about the organization’s work in this area, please click here.
This blog post was written by a CCLA Volunteer. Opinions expressed do not necessarily reflect the views of the CCLA.