CANADIAN GDPR COMPLIANCE
GDPR (General Data Protection Regulation) is a set of stringent data security, data privacy, and data governance requirements that is set to become global best practice.
Myth: GDPR compliance concerns new rules for privacy and security only for businesses in the EU.
Fact: GDPR applies to organizations in Canada offering goods and services to EU natural persons, even if their operations are not physically in the EU.
Risks of non-compliance: The business risk of non-compliance is much more than financial; in the worst case, the financial penalty is a maximum of $30 million or 4% of global revenue. There is also reputational risk in the case the EU could make against a non-compliant business: international news exposure of a complaint made against a business by an EU natural person, or even by the EU state representing that natural person, can never be good for business. Then there is legal risk, which arises when a data subject sues a non-compliant business for damages caused by the non-compliance, which in turn incurs even more reputational risk.
Summary: GDPR is about data privacy by design, data security by design, and data governance by design across all data activities involving personal data. We're here to help.
The $15 million referred to in the video is the lower of the two maximum penalties that apply when a data processor or data controller fails to meet its obligations; the higher maximum is 2% of global revenues. Note that this is a different penalty class from the penalty for non-compliance with the rights of the data subject (maximum of $30 million or 4% of global revenues). See GDPR Article 83 for more information.
CANADIAN GDPR COMPLIANCE SERVICES
Don't underestimate the effort required to be GDPR compliant. In our experience, updating your systems and processes to be able to comply with the rights of EU data subjects takes the most effort, followed by being able to fulfil the obligations of being a data controller or a data processor.
GDPR requires data controllers and data processors to keep records of their GDPR compliance efforts. A positive side-effect is that this documentation also enables management to provide the Board with evidence of GDPR compliance, thereby enabling the Board to better exercise its Duty of Care.
Data Protection Officer
In some instances, the GDPR requires an organization to have a Data Protection Officer, one of whose responsibilities is to provide independent advisory services to the organization to ensure compliance. In this context, we offer external Data Protection Officer services to our clients.
GDPR COMPLIANCE ASSESSMENTS
To objectively assess compliance levels, we assess your strengths and weaknesses in the context of the GDPR's 261 pages, 99 Articles and 173 Recitals. The assessments are customized; there is no "one size fits all" approach to GDPR compliance. For example, the health data sections may be irrelevant if you are in banking.
Given this assessment, we help you prioritize your compliance efforts for maximum effect across three pillars: data privacy, data security, and data governance.
These assessments, perhaps performed quarterly, are exactly what the Board needs in its oversight role of ensuring GDPR compliance, using them to monitor work done and work that still needs to be done.
GDPR COMPLIANCE TEAM LEAD
A Passion for Governance, Risk and Compliance
Contact us to learn more about becoming GDPR compliant, and about objectively measuring your level of GDPR compliance.
We look forward to the opportunity of being of service to you.
Suite 5700, 100 King St W, Toronto, ON M5X 1C7
905 334 4370