Today, the General Data Protection Regulation (GDPR) comes into full effect. It could impact Canadian businesses. Luckily the Canadian Marketing Association (CMA) has published the Guide to the European Union (EU)’s General Data Protection Regulation (GDPR) and ePrivacy Regulation to provide support for compliance.
This guide provides an overview on general requirements, as well as insight on Canadian implications. Here’s a summary of what Canadian organizations need to think about:
- The right to be informed. Companies must include some form of privacy notice indicating how they use the personal data of their customers.
- The right of access. This continues the right of data subjects to access the personal data that organizations hold about them without incurring fees.
- The right to rectification. Customers are entitled to have incorrect information rectified. Third parties must also be notified if this data has been disclosed to them.
- The right to erasure. People can request the removal of personal data if there is no reason for its continued processing.
- The right to restrict processing. Customers will have the right to ‘block’ personal data processing. Companies can still store the data, but not process it.
- The right to data portability. This allows customers to transfer and use personal data across different services.
- The right to object. Customers can object to their data being processed.
- Automated decision making & profiling rights. This includes safeguards against the risk that a potentially damaging decision is taken without human intervention.
A GDPR Guide for Canadians
The GDPR’s expanded reach means that marketers must consider how the full scope of the regulations could apply to Canadian organizations. The GDPR will apply to any organization, wherever located, that uses the personal information of EU residents for marketing.
For more detail check out the CMA’s guide by clicking here.