Announcement
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
February 22, 2018
New European privacy regulation will impact Canadian businesses
The European Union’s General Data Protection Regulation (GDPR) will come into force May 25, 2018, potentially creating new obligations for Canadian businesses that handle the personal information of individuals in Europe.
Canadian organizations may need to comply with the GDPR if they:
- Have an establishment in the EU; or
- Are located outside the EU but either “offer goods or services” to or “monitor the behaviour” of individuals in the EU.
While the GDPR and Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), share a number of core tenets, they are different laws. The Office of the Privacy Commissioner of Canada is not responsible for enforcing compliance with the GDPR.
The European Commission website offers information to help businesses comply with GDPR requirements. The Article 29 Data Protection Working Party has also developed a fact sheet. While this fact sheet was developed for Asia Pacific Privacy Authorities, it offers information and advice that Canadian businesses may find helpful.
- Date modified: