GDPR and Its Implications on Canadian Organizations

Litcom Team 6 March, 2019
The European Union’s (EU) General Data Protection Regulation (GDPR) became enforceable on May 25, 2018, and has implications for many Canadian organizations, particularly those controlling or processing personal data in the EU, or personal data of EU data subjects (any identifiable person whose personal data is being collected, held or processed).

The GDPR places accountability on Controllers (organizations that determine the purposes and means of processing data) and Processors (organizations that process the personal data on behalf of controllers).

The new GDPR has become a major concern of Canadian organizations for three main reasons:

  1. Scale of requirements;
  2. Broader scope; and
  3. Strict fines in case of noncompliance

The regulation applies mainly to organizations established in the EU, but it also reaches Canadian organizations that offer goods or services to individuals in the EU or monitor their behaviour, regardless of the individuals’ citizenship. The fines for an organization that is found to be noncompliant can be up to 4% of its annual global turnover (revenues) or up to €20 million (approx. Cdn $30M), whichever is greater.

GDPR’s Key Requirements

There are a number of key requirements that organizations must fulfil to be GDPR compliant, as follows:

1. Obtaining consent

Under the GDPR, consent must be freely given, specific, informed and unambiguous. This means that organizations should avoid padding their terms and conditions with complex language designed to confuse their data subjects, and should not bundle consent with unrelated terms. Consent must be as easy to withdraw as it was to give, and the data subject can withdraw it at any time.

2. Breach notification

If a personal data breach occurs, the controller must notify the relevant EU supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals; a late notification must explain the delay. Where the breach is likely to result in a high risk to the affected individuals, they must also be notified without undue delay. Failure to meet these obligations can lead to significant fines.

3. Right to data access

If an individual (customer or employee) requests access to his or her personal data, the organization must be able to provide a copy of the data it holds, in a commonly used electronic form if the request was made electronically. The response must also explain the purposes for which the data is being used, who it has been shared with, how long it will be kept, and where it came from.

4. The right to be forgotten

The regulation itself titles this the ‘right to erasure’. Where the personal data is no longer necessary for the purpose for which it was collected, or the individual withdraws the consent the processing relied on, the individual has the right to request deletion of his or her data. The right is not absolute: for example, data that must be retained to meet a legal obligation is exempt.

5. Privacy by design

This section of the GDPR (data protection by design and by default) requires organizations to build appropriate technical and organizational safeguards into their systems from the start, and to process by default only the personal data needed for each specific purpose. Failure to design data collection systems appropriately can result in a fine.

6. Potential data protection officers

In some cases, an organization must appoint a Data Protection Officer (DPO). The obligation applies to public authorities, to organizations whose core activities involve regular and systematic monitoring of individuals on a large scale, and to organizations whose core activities involve large-scale processing of sensitive (special category) data or criminal conviction data.

Potential Penalties for Noncompliance with GDPR

As stated before, under the GDPR, organizations can be fined up to 4% of their annual global revenue or €20 million, whichever is greater.

This maximum fine applies to the most serious infringements, such as violating the basic principles for processing (including the conditions for valid consent), infringing data subjects’ rights, or transferring personal data outside the EU unlawfully. A lower tier of fines, up to 2% of annual global revenue or €10 million, whichever is greater, applies to lesser offences such as failing to implement data protection by design, failing to maintain sufficient records of processing, failing to notify a breach, or failing to appoint a DPO where one is required.

Readiness, Readiness and Once More - Readiness

Even though some of the GDPR requirements look similar to those of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), there are more differences than similarities between the two regimes. Statistics collected from EU countries indicate that the new data protection law is being actively enforced. Still, too many organizations have not yet started to review and implement the requirements outlined in the GDPR; some recent studies indicate that up to 20% of organizations have not yet taken the necessary steps to prepare for GDPR compliance.

Written by Nitsan Shachor, GDPR Specialist

The Litcom Approach

Litcom has developed a mature approach to GDPR assessment, built on the experience of our team members. Our approach includes conducting a GDPR gap assessment or readiness assessment: reviewing the requirements outlined in the regulation and comparing current performance against target capabilities. Such an evaluation will:

  • Make it clear to the executive team where the main risks lie under the new GDPR legislation.
  • Reduce exposure to penalties by getting GDPR preparation under way.

Please contact us for further information.

Contact Us

Address
1275 Finch Ave West, Suite 708
North York, Ontario M3J 0L5

Phone Number
1 800 223 7282

Email Address
info@litcom.ca

Copyright 2020 Litcom Consulting Inc. | All Rights Reserved | Privacy Policy | Terms of Use