It is trite to point out that information crosses national borders today at an unprecedented rate and with very few barriers. A consequence of this unconstrained international flow of information is that domestic data protection laws increasingly have implications abroad. The recent overhaul in the European Union’s data protection laws is a prime example of this, which will have implications for Canadian organizations of all sizes and types.

Q: What is the GDPR?

A: The General Data Protection Regulation (GDPR) was adopted by the European Parliament in April 2016 and comes into force in May 2018 (replacing Data Protection Directive 95/46/EC that is currently in force in the EU). One of the GDPR’s objectives is to harmonize protections applicable to the processing of personal data across the EU, but it will also have material implications for Canadian organizations.