Skip Navigation

Canada Update: Value of Europe’s GDPR Extends Globally

Bookmark and Share

March 14, 2017

With the Canadian government in the midst of it review of the country’s flagship privacy rule, it has become apparent that Europe’s new General Data Protection Regulation (GDPR) will have an impact that extends far beyond the region.

Under Canadian law, regulations must undergo a periodic review.  This week marks the third week of hearings by the House of Commons’ Standing Committee on Access to Information, Privacy and Ethics during their required review of Personal Information Protection and Electronic Document Act (PIPEDA).

Although PIPEDA, passed into law in 2000, has survived two such reviews in the past with little or no meaningful changes, something appears decidedly different about this review. That difference is the result of the European Union passing the new GDPR, which goes into full effect in 2018.

There is little doubt that PIPEDA was originally aligned with Europe’s Data Protection Directive issued in 1995. It is logical, therefore, that the total revamping of that guiding regulation would have serious ramifications in Canada.

Because the GDPR will introduce severe fines and sanctions, grant enforcement powers to regulators, required extreme vendor due diligence, written policies and mandate data breach notification – all things promoted by Canadian privacy officials (and NAID) for more than a decade – it appears the GDPR has gotten the attention of law makers.

NAID CEO Bob Johnson wrote an article several years ago regarding the fact that Canada, once seen as leader in privacy and data protection, was lagging behind the rest of the world. In that article, Johnson speculated that the proposed GDPR (it had yet to be approved at the time), would strand the country in the data protection dark ages.  Evidently, Canadian law makers see that too. 

This is a great development for reputable service providers with the right qualifications. It is likely that Europe’s influence will continue to spread to Australia next, as well as to Asia and Japan too.

NAID-Europe will hold an event 18 May in Luxembourg titled “Making the Most of the GDPR.” Apparently, NAID members around the world will also benefit from Europe’s leadership in this area.