
The GDPR is here, and your business is very likely affected

Written by
Diana McLachlan


If you're like me, says Diana McLachlan of our Toronto office, for a little over a month you have been receiving several emails every day asking you to subscribe to electronic communications. That is because, since May 25, 2018, the General Data Protection Regulation (RGPD in French, or the better-known English acronym GDPR) has been part of our reality. The European regulation, with its new rights and new obligations, is upending established practices as companies work to bring their data into compliance.

The GDPR and the federal privacy law that governs private-sector organizations (the Personal Information Protection and Electronic Documents Act, or PIPEDA) have several features in common. However, it is important to stress that there are many differences between the two laws. If you are a Canadian company with digital properties, you will very likely have to review your practices when it comes to collecting and retaining the data of your business contacts and consumers, because the GDPR is not confined to Europe. (The post is in English.)

If you're like me, over the past month or so you've been receiving daily emails from a slew of organizations asking that you 'opt-in' to future digital communications. That's because, as of May 25, 2018, the General Data Protection Regulation (GDPR) is here to stay.

Designed to harmonize data privacy laws across Europe with the aim of protecting European Union (EU) citizens, the GDPR is transforming the way organizations across the pond approach data security and privacy. What many Canadian organizations – especially Canadian publishers, e-commerce businesses and digital marketers – don't yet realize is how much this new EU regulation will impact their own Canadian business.

GDPR and Canada's federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), have several similarities. However, it's important to note that they do have their differences, and if you're a Canadian organization with digital properties, you may need to rethink your approach to collecting consumer data to comply with both. While some Canadian businesses may take comfort in the fact that much of the new regime will be familiar under our existing privacy laws, the GDPR contains many new or enhanced requirements.

The GDPR is not bound to a region.

Canadian companies with a website that collects information, whether the user is ordering products or simply accessing information, are impacted. The GDPR applies to any organization, wherever located, that uses and/or stores the personal data of EU citizens, whether they're students, tourists or online customers. This means any digital interaction with someone could have implications. For example, a Canadian business that collects personal information about residents, such as email addresses or phone numbers, even an exchange of cookies, is subject to the GDPR regulations.


No business is exempt – and the cost of violation is steep.

It doesn't matter how big or small your business is: the GDPR will still apply if your digital properties are marketing to EU citizens. The regulation is based solely on data used, and how your company handles that data. The GDPR has global reach, and those who do not adhere to its regulations when dealing with European consumers could face fines of up to €20 million or 4 per cent of a company's annual worldwide revenue, whichever is higher. This means that any Canadian business that violates the GDPR risks fines of $30 million CAD or more. Let that sink in.

A GDPR guide for Canadians

If you're a Canadian marketer and you're concerned you may be in violation, check out the European Commission website, which offers information to help businesses comply with GDPR requirements. The Canadian Marketing Association (CMA) has also published the Guide on EU GDPR and ePrivacy Regulation to provide support for compliance. See the CMA's guide by clicking here.

——— Diana McLachlan was Vice-President and Chief of Staff at NATIONAL Public Relations