What You Need to Know About the GDPR in Canada

On May 25, 2018, the General Data Protection Regulation (GDPR) will come into force. This law creates new obligations for Canadian businesses who collect or handle personal information about people living in the European Union (EU).

We’ve briefly summarized what you need to know about the GDPR in Canada from our perspective as digital marketers. Keep in mind that we’re marketing geeks, not lawyers — but we do hope this information provides a good starting point.

GDPR rules

What is the GDPR?

The GDPR lays down rules on the protection and movement of Europeans’ personal data both within and outside the EU. It aims to harmonize the laws on data privacy in line with the European Charter of Fundamental Freedoms, which gives EU citizens certain rights regarding their personal data.

The regulation came about back in 2016, but it does not come into force until May 25th, 2018. As that ‘deadline’ approaches, it’s no surprise many Canadian businesses are wondering whether the GDPR applies in Canada and, if so, what they need to do about it.

The short answer is yes: if you do business in the European Union, it’s likely the GDPR will apply to you, even if you’re based in Canada.

We’ll go into more detail about what that means next.

What Does the GDPR Do in Canada?

The GDPR regulates how businesses handle personal information about individuals who reside in the European Union. That includes the business’s European customers, employees, associates, and others on whom the organization collects data.

As a Canadian business, you must follow the GDPR when collecting personal information from European citizens if you:

  1. Have an establishment in the European Union.
  2. Offer goods or services to people in the European Union
  3. Monitor the behaviour (including online behaviour) of people in the European Union.

How to Handle Personal Data Under the GDPR

Personal data includes any information that relates to an identifiable person, like a name, surname, I.D. number, or home address. It also includes aspects of an individual’s digital footprint, like their email address, IP address, or cell phone location data.

If your business has an online presence, chances are that you collect at least some data that falls under the category of personal data.

The GDPR establishes six main principles on how businesses (including Canadian businesses) should handle personal data:

  1. All data must be collected and processed lawfully, fairly, and in a transparent manner. In most cases, you may only collect or process someone’s data after obtaining consent to do so (more on that in the next section).
  2. You need a specific, legitimate, lawful reason to collect data. No hoarding personal information ‘just because’. If you’re going to collect data, you have to do it with a specific purpose in mind!
  3. You must limit your data collection to what is necessary to fulfill your purpose. In other words, don’t take more data than you need. If all you need is a name and an email address, don’t ask for a phone number as well.
  4. You have an obligation to keep the data accurate and up-to-date. Have measures in place to avoid keeping false or outdated information.
  5. You cannot keep data for longer than is necessary to fulfill your purpose. Once you’re done with it, destroy it.
  6. You are responsible for data security. If you store the data on an IT system, you must ensure only authorized parties can access it; if you keep physical copies, keep them in a secure location. You also have an obligation to inform people in the event of a data breach.

Collecting Private Data

What is Consent to Collect Personal Data?

Consent is one of the major areas where the GRDP differs from Canada’s federal data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). Whereas PIPEDA in many cases allows for implied consent, the GRDP is strict about when and how businesses should get permission to use someone’s personal information.

As a business, you must obtain clear, affirmative consent in order to collect and process personal data, meaning the person actually has to indicate their permission somehow. For example, an opt-out system like a pre-checked box on a web form not constitute consent.

Consent must also be freely given, specific, informed, and unambiguous. The person you’re asking must know who you are and what you plan to do with the data, and that they can refuse or withdraw consent at any time.

For children under 16, you must obtain consent from the child’s parent or guardian.

How Canadian Businesses Can Prepare for the GDRP

To reiterate, the GRDP mandates that all businesses who operate in the EU, offer goods and services to EU citizens, or monitor the behaviour of EU citizens must follow the rules for data protection in the GRDP. That includes Canadian businesses. If you do business with Europe, it’s incumbent on you to prepare for the GDRP now.

The exact steps you take will depend on how you operate, but the following are good starting points:

  1. Review your current policies and processes on data collection. What do you collect, and why? Do you obtain and record consent?
  2. Create new boilerplate contract clauses that meet the law’s requirements. Consult with your lawyer on this one. If you run an e-commerce website or have automated communication with European customers, it’s essential that your agreements fall in line with the new regulation.
  3. Start keeping records. You will have to be able to prove you have taken steps to follow the law if ever called into question.
  4. Decide how to approach the ‘ask’. People might not be willing to hand over their personal data unless you offer them a good reason to. Think about what you can give your customers in return for their consent.

Reusing Blog Posts for Social Media: Time-Saving Tips on Remixing Your Best Content

Ever wondered how brands come up with fresh content to post on social media every single day? Their secret is remixing. Instead of creating brand-new content from scratch, many smart brands leverage their existing blog posts into fresh content for Facebook, Twitter, and other social media platforms.

There are lots of practical reasons to reuse blog posts for social media content:

  1. Save time. Rather than spending hours writing great blog posts and crafting social media content, you can produce multiple forms of content for your site and social media platforms simultaneously.
  2. Drive traffic to your site. Building content from your blog posts lets you re-share old URLs in a new context, driving more traffic to the original post you so carefully crafted.
  3. Maximize your audience reach. Some people love to hunker down for a good read, while others would rather consume quick bites of content in videos or graphic form. Turning a blog post into different social media content gets your message out to the broadest possible audience.

Which Blog Posts Make for Great Social Media Content?

You know your content better than anyone, so you probably have some idea of which ones would make for great videos or images. But keep in mind that the blog post should be:

  • Relevant to your audience. Some posts age better than others; don’t choose a post that is outdated or no longer interesting.
  • This depends on how you measure blog performance. If your number one goal is site traffic, use Google Analytics to find out which posts have generated the most user sessions; if brand-building is your focus, see which posts incited the most social media engagement.

Ways to Remix and Reuse Blog Posts for Social Media Content

To get you started, here are a few time-saving tips on reusing blog posts for great social media content.

1. Videos

We have written previously about the benefits of using video on social media. People are more likely to view and engage with videos than any other form of content, and there are lots of free tools that can help you make captivating videos out of blog posts. One of our picks is Lumen5, which automatically pulls content from articles and turns it into easily customizable scenes.


One of the quickest ways to turn blog posts into social content is this: pull the juiciest bites of information from the article and share it in the form of a brief text post or image. It can be an authoritative statement, an inspirational quote, an impressive statistic, or a compelling question. Choose something that will stop users in their tracks and entice them to click through.

reuse blog post

3. Graphics

Bold, colourful visuals boast universal appeal across social platforms. Social posts that include images always grab more attention than text alone. You can condense the main points of the blog into one image or break them into a series of images that each highlight a point.

blogs for social media

4. Infographics

Turn an information-heavy blog post into an easily digestible infographic. While they do take longer to create than one-off graphics, the potential return on investment is high; an eye-catching infographic can catch on and spread to all corners of the web. Be sure to include your brand’s logo and a link to the original blog post somewhere on the graphic.

If you haven’t got a knack for graphic design, use a free template available with tools like Canva or Piktochart.

5. Live Video

Have more to say about a particular post? That’s a great opportunity delve deeper into the topic or host an audience Q&A in a live video broadcast. Live videos on Facebook are most likely to appear at the top of the news feed, and your followers will get a notification letting them know you are on-air. It’s free, simple, and gives your audience a chance to connect with you and your company on a more human level.


Find Out What Else TrafficSoda Does!