In recent years, data breaches have dominated the news. From the U.S. presidential election to last summer’s Equifax cybersecurity breach, which impacted thousands of Canadians and almost 150 million Americans, it seems everyone’s personal information is under threat. These breaches, together with Europe’s forthcoming General Data Protection Regulation (GDPR), will make increased concern over data protection a workplace trend in 2018.
In May 2018, the General Data Protection Regulation comes into force in the European Union. If you think this won’t apply to you, you may need to think again.
Large American multinationals are ramping up for the change. In a 2016 PwC GDPR preparedness pulse survey, 77% of respondents reported planning to spend $1 million or more to get ready for the GDPR. However, many Canadian organizations aren’t preparing.
In an article in Canadian Lawyer magazine, “Getting ready for GDPR,” Kirsten Thompson, a partner at McCarthy Tétrault LLP, warns that many Canadian organizations aren’t making any arrangements for the impact of the GDPR: “There’s a misunderstanding that it doesn’t apply to them and Canadian laws are just fine.”
Canada’s own Personal Information Protection and Electronic Documents Act (PIPEDA) adequately meets the E.U.’s current directive, but this could easily change under the new legislation, which is much stricter. The GDPR will apply to any organization offering goods or services to E.U. residents. The new legislation also gives data protection authorities much greater enforcement powers. GDPR regulators will be able to fine violators 20 million euros or 4% of their annual global revenue, whichever is higher.
Whether the GDPR affects you or not, it’s a good opportunity to review your organization’s strategies when it comes to data protection. In this day and age, taking steps to ensure that the personal information of your clientele and employees is protected is essential to maintaining their trust.