The GDPR is likely to impact smaller companies in the overall scheme. People unaware of this new legislation will potentially be fined with it is enforced next year.
Here is a list of things that the new legislation will do and change for Canadian businesses and what should be considered as a Canadian business owner or employee:
First and foremost it should be known that the restrictions and requirements in the GDPR are similar to those in the Personal Information Protection and Electronic Documents Act in Canada and therefore will be an easier adjustment. The adjustments to look for are:
- Being sure to review consent forms
- Reviewing contracts
- Ensuring the GDPR requirements for a company's Chief Privacy Officer are being met
- Reviewing privacy and data policies
- Consulting with legal counsel
When the GDPR comes into place, it will apply to companies that have an establishment in the EU or that engage in data processing activities. These activities include:
- Offering goods and services to European Union residents
- Monitoring the behavior of EU residents within the EU
The things that will be different between the GDPR and Directives are the following:
- Consent
- Accountability
- Data breach notification
- Data processors
- International Transfers
- Data protection officers
- Right to be Forgotten
- Sanctions