TrafficSoda Digital Marketing Agency logo
  • SEO & Lead Generation
      Your Browser Don't Support Canvas, Please Download Chrome.
      TrafficSoda

      SEO, Lead generation & Digital Advertising

      Search Engine Optimization

      SEO Services
      SEO Audit and Clean Up
      Penalty Assessment
      Local SEO Services

      Lead Generation & Advertising

      Google Local Ads Management
      PPC Management
      Social Media Advertising
      Geofencing – Target Marketing

      Get a FREE Proposal Today

      Ready to get started? Reach out today for a free, custom quote.
      Start Today
      TrafficSoda Digital Marketing Agency logo
      Experts in SEO, Lead Generation & PPC. We’ve worked on hundreds of campaigns.
  • Content & Email
      Your Browser Don't Support Canvas, Please Download Chrome.
      TrafficSoda

      Content Marketing, Email and SociaL Media Management

      Email Marketing

      For campaigns set up, email design and copywriting, list management, email remarketing, automation and management, check out our email marketing services

      Content Marketing

      SEO Copywriting
      Content Marketing Services
      Lead Generation Marketing Collateral
      Social Media Management

      Get a FREE Proposal Today

      Ready to get started? Reach out today for a free, custom quote.
      Start Today
      TrafficSoda Digital Marketing Agency logo
      Experts in Content, Email and Social Media . We’ve worked on hundreds of campaigns.
  • Services
  • Blog
  • About Us
  • Contact
  • Services
  • SEO
    • SEO Services
    • SEO Audits & Clean Up
    • Google Penalty Repair
    • Local SEO Services
  • Lead Generation
    • Google Local Ads
    • PPC Management
    • Social Media Advertising
    • Geofencing PPC Services
  • Content Marketing
    • SEO Copywriting
    • Content Marketing
    • Lead Generation Magnet
    • Social Media Management
  • Email Marketing
  • Learn
  • Contact Us
  • Get A Quote
  • About Us

Now Part of REM Web Solutions

Call Us: 519-584-2116

What You Need to Know About the GDPR in Canada
May 10, 2018by Amanda TurnerTech Community

What You Need to Know About the GDPR in Canada

On May 25, 2018, the General Data Protection Regulation (GDPR) will come into force. This law creates new obligations for Canadian businesses who collect or handle personal information about people living in the European Union (EU).

We’ve briefly summarized what you need to know about the GDPR in Canada from our perspective as digital marketers. Keep in mind that we’re marketing geeks, not lawyers — but we do hope this information provides a good starting point.

What is the GDPR?

The GDPR lays down rules on the protection and movement of Europeans’ personal data both within and outside the EU. It aims to harmonize the laws on data privacy in line with the European Charter of Fundamental Freedoms, which gives EU citizens certain rights regarding their personal data.

The regulation came about back in 2016, but it does not come into force until May 25th, 2018. As that ‘deadline’ approaches, it’s no surprise many Canadian businesses are wondering whether the GDPR applies in Canada and, if so, what they need to do about it.

The short answer is yes: if you do business in the European Union, it’s likely the GDPR will apply to you, even if you’re based in Canada.

We’ll go into more detail about what that means next.

What Does the GDPR Do in Canada?

The GDPR regulates how businesses handle personal information about individuals who reside in the European Union. That includes the business’s European customers, employees, associates, and others on whom the organization collects data.

As a Canadian business, you must follow the GDPR when collecting personal information from European citizens if you:

  1. Have an establishment in the European Union.
  2. Offer goods or services to people in the European Union
  3. Monitor the behaviour (including online behaviour) of people in the European Union.

How to Handle Personal Data Under the GDPR

Personal data includes any information that relates to an identifiable person, like a name, surname, I.D. number, or home address. It also includes aspects of an individual’s digital footprint, like their email address, IP address, or cell phone location data.

If your business has an online presence, chances are that you collect at least some data that falls under the category of personal data.

The GDPR establishes six main principles on how businesses (including Canadian businesses) should handle personal data:

  1. All data must be collected and processed lawfully, fairly, and in a transparent manner. In most cases, you may only collect or process someone’s data after obtaining consent to do so (more on that in the next section).
  2. You need a specific, legitimate, lawful reason to collect data. No hoarding personal information ‘just because’. If you’re going to collect data, you have to do it with a specific purpose in mind!
  3. You must limit your data collection to what is necessary to fulfill your purpose. In other words, don’t take more data than you need. If all you need is a name and an email address, don’t ask for a phone number as well.
  4. You have an obligation to keep the data accurate and up-to-date. Have measures in place to avoid keeping false or outdated information.
  5. You cannot keep data for longer than is necessary to fulfill your purpose. Once you’re done with it, destroy it.
  6. You are responsible for data security. If you store the data on an IT system, you must ensure only authorized parties can access it; if you keep physical copies, keep them in a secure location. You also have an obligation to inform people in the event of a data breach.

What is Consent to Collect Personal Data?

Consent is one of the major areas where the GRDP differs from Canada’s federal data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). Whereas PIPEDA in many cases allows for implied consent, the GRDP is strict about when and how businesses should get permission to use someone’s personal information.

As a business, you must obtain clear, affirmative consent in order to collect and process personal data, meaning the person actually has to indicate their permission somehow. For example, an opt-out system like a pre-checked box on a web form not constitute consent.

Consent must also be freely given, specific, informed, and unambiguous. The person you’re asking must know who you are and what you plan to do with the data, and that they can refuse or withdraw consent at any time.

For children under 16, you must obtain consent from the child’s parent or guardian.

How Canadian Businesses Can Prepare for the GDRP

To reiterate, the GRDP mandates that all businesses who operate in the EU, offer goods and services to EU citizens, or monitor the behaviour of EU citizens must follow the rules for data protection in the GRDP. That includes Canadian businesses. If you do business with Europe, it’s incumbent on you to prepare for the GDRP now.

The exact steps you take will depend on how you operate, but the following are good starting points:

  1. Review your current policies and processes on data collection. What do you collect, and why? Do you obtain and record consent?
  2. Create new boilerplate contract clauses that meet the law’s requirements. Consult with your lawyer on this one. If you run an e-commerce website or have automated communication with European customers, it’s essential that your agreements fall in line with the new regulation.
  3. Start keeping records. You will have to be able to prove you have taken steps to follow the law if ever called into question.
  4. Decide how to approach the ‘ask’. People might not be willing to hand over their personal data unless you offer them a good reason to. Think about what you can give your customers in return for their consent.
Read More
Share
TrafficSoda Digital Marketing Agency logo

Now Part of REM Web Solutions

519-584-2116

[email protected]

72 St. Leger St, Unit 2
Kitchener, ON, N2H 6R4

About

TrafficSoda specializes in acquisition marketing which includes SEO, PPC, Social Media Marketing, Conversion Optimization and Content Marketing.

Linkedin-in Facebook-f Twitter Instagram Google

SEO & Leads

  • SEO Services
  • SEO Audits & Clean Up
  • Google Penalty Repair
  • Local SEO Services
  • Google Local Services Management
  • PPC Services
  • Social Media Advertising Services
  • Geofencing PPC Services
Content & Email
  • SEO Copywriting
  • Content Marketing Services
  • Lead Generation Magnet
  • Email Marketing Services
  • SMM Services

Quick Links

  • Home
  • About Us
  • Services
  • Blog
  • Privacy Policy

© 2023 — TrafficSoda Inc. All Rights Reserved.