After a number of high-profile data breaches in 2017 (the Equifax data breach and Facebook Ads vulnerabilities were probably the best known to Canadians), the European Union put the finishing touches on its robust data protection framework, the General Data Protection Regulation, or GDPR, and began enforcing it on the 25th of May, 2018. The implications of this new regulation for online businesses worldwide were significant, and the potential penalties for failing to comply are considerable. Fines of up to 20 million Euros or 4% of a company’s annual global revenue can be levied against companies inside or outside of the EU.
Canada already had its own privacy protection policy established in the Personal Information Protection and Electronic Documents Act (PIPEDA), which was enacted way back in April of 2000. This law applies to any Canadian company or any company that collects information from Canadian visitors. There are two different types of personal information defined by PIPEDA:
- Customer – name, address, banking info, etc.
- Employee – Social Insurance Number, work history, Record of Employment, etc.
So what does this have to do with me?
What about cookies?
So how about a little privacy?