The most significant difference, a business can no longer assume they have consent to use, collect, and sell your personal data. The business must now ask for authorization to send e-mail, add their information to a database, store their credit card information, keep a history of past purchases, and send them promotional material. This law goes one step further; it gives the right of the individual the ability to log in and change the information you, as a business, are allowed to keep on file or delete the record altogether.

Now you might be wondering; my company is in Canada, this new GDPR law doesn’t affect me. Here is the catch, the GDPR law that came into effect on May 25, 2018, does. It’s a large troller net that encompasses everyone that an EU citizen has contact. The Law essentially follows a person around whether at home or abroad. The GDPR Law goes one step further and puts the onus of an individuals security in the business’ hands. That means a business must have an SSL Security Certificate, make regular backups of the site, provide access to the clients’ personal information, and allow a client to delete or change any contact information you may have on them.

You also have to inform the client how you use “Cookies” on your site and any information that may be collected and why. Canada has it’s own Privacy laws and the CAN-SPAM Act that came into force on January 1, 2017, in addition to the new Privacy laws enacted in the State of California, and well… you get the idea.

Privacy is the utmost concern and the security of and the handling of the personal data.

Resources
https://www.torys.com/insights/publications/2018/06/how-will-the-eu-gdpr-affect-canadian-businesses https://www2.deloitte.com/ca/en/pages/risk/articles/GDPR-and-Canadian-companies.html