The General Data Protection Regulation (GDPR) is a series of laws approved by the European Union Parliament that come into effect on May 25th, 2018. The GDPR standardizes data protection across the EU member states and will bring harmonization across the EU regarding data privacy. It provides individuals with greater control over the use of their personal data.
Companies are processing and holding an increasing amount of personal information about their clients and customers. The GDPR imposes a host of new and enhanced obligations on anyone who collects and processes data, be it corporations, legal teams, etc.
The GDPR will apply to data controllers and data processors for data relating to EU citizens across all industries. Any organization that retains personal information of any EU residents must act to comply with the GDPR.
Why should Canadian organizations take notice? The GDPR will affect companies that handle personal data of EU residents, whether the companies are based in the EU or not. The GDPR applies to businesses established in the EU with offices elsewhere, and to businesses that have economic activity in the EU or that offer goods or services to individuals located in the EU via the internet. It also applies to businesses that monitor the behavior of individuals located in the EU.
Litigators involved in projects (whether litigation or regulatory investigation) where data has to be pulled from custodians within the EU also require an understanding of the obligations to those individuals.
The GDPR can result in significant penalties for non-compliance; therefore, preparation and compliance are essential.