On May 25, 2018, the European Union (EU) will have a new law for protecting the personal information (“personal data”) of individuals in the EU.
The General Data Protection Regulation (GDPR) will replace the current Data Protection Directive 95/46/EC with strict legal requirements for informational privacy, including consent, mandatory breach reporting and notification, and being able to demonstrate compliance with the GDPR’s principles. Failure to comply with the GDPR could result in fines of up to €20 million or 4 per cent of annual global turnover, whichever is greater.
Alberta organizations may need to comply with the GDPR if they have an establishment within the EU, offer goods or services to individuals in the EU (regardless of payment), or monitor the behaviour of individuals in the EU.
The Office of the Information and Privacy Commissioner of Alberta does not oversee the application of the GDPR to Alberta organizations and cannot provide advice regarding compliance with the GDPR. However, numerous guidance documents are available from international data protection authorities, law firms, privacy commentators, and others. The following links are to a few external resources:
Copyright 2017 OIPC. All rights reserved.