The European Union's General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC in May 2018. GDPR has strict legal requirements for informational privacy, including consent, mandatory breach reporting and notification, and being able to demonstrate compliance with GDPR’s principles. Failure to comply with GDPR could result in fines of up to €20 million or 4 percent of annual global turnover, whichever is greater.
Alberta organizations may need to comply with GDPR if they have an establishment within the EU, or offer goods or services to individuals in the EU (regardless of payment) or monitor the behaviour of individuals in the EU.
The OIPC does not oversee the application of GDPR to Alberta organizations and cannot provide advice regarding compliance with GDPR. Numerous guidance documents are available from international data protection authorities, law firms, privacy commentators, and others. The following links are to some external resources:
Copyright 2021 OIPC. All rights reserved.