Goodmans comments on impact of GDPR fines on Canada

Canadian businesses must be able to adapt to future direction of local privacy laws

Goodmans comments on impact of GDPR fines on Canada
The Information Commissioner’s Office recently imposed fines on British Airways and Marriott International for infringement of GDPR

According to a bulletin by Goodmans, recent fines under the EU’s General Data Protection are of interest to Canadian businesses operate in the EU, especially if Canada revises its privacy laws in a manner resembling GDPR.

The update comes after the Information Commissioner’s Office (ICO), the UK’s independent authority on data privacy, imposed fines on British Airways and Marriott International, worth £183.4 million ($297.2 million) and £99.2 million (US$160.8 million), respectively, for infringement of GDPR.

GDPR, which came into effect in May 2018, governs personal information collected by organizations. The regulations apply to any information relating to an identifiable person, who can be directly or indirectly identified through the information, such as names and IP addresses. The regulations impose significant accountability obligations on both data controllers (the entity determining how data is collected and used by the organization) and processors (third parties engaged in processing personal data for controllers).

Under the regulations, organizations found to have seriously breached GDPR can be fined up to 4 per cent of annual global turnover or €20 million ($29.3 million), whichever is greater. Lesser infringements, such as failing to notify supervising authorities and data subjects about a breach, or failing to conduct an impact assessment, can result in lesser fines.

According to Goodmans, GDPR applies to Canadian businesses that conduct business in the EU. Aside from companies that have physical offices in the EU, it also applies to businesses that offer goods and services to individuals in the EU through websites or mobile apps. In some circumstances, collecting personal information about individuals in the EU can also engage GDPR.

Furthermore, Goodmans believes that Canada’s own privacy regime take a more GDPR-like approach, with the Government of Canada having announced a Digital Charter, which may be a sign of Canadian privacy law adapting a GDPR-like system. In recent months, the Privacy Commissioner of Canada has taken “aggressive actions” based on a potential interpretation of Canadian legislation that incorporates concepts found in the GDPR.

Canadian businesses should ensure not only that they have the safeguards to comply with current law but also the ability to adapt to future requirements, the law firm advised.

Related stories

Free newsletter

Our newsletter is FREE and keeps you up to date on all the developments in the Ontario legal community. Please enter your email address below to subscribe.

Recent articles & video

COVID-vaccine skeptic doctor loses anti-SLAPP case at Court of Appeal

Information and Privacy Commissioner calls for retention of public input in Policing Act amendments

Ontario Superior Court confirms party’s entitlement to broad medical and rehabilitation benefits

Ontario Court of Appeal upholds estate's right to full range of damages in a vehicle accident case

Legal groups voice concerns over Ford repeatedly saying he wants 'like-minded' judges

Upcoming FACL conference focused on AI’s impact on profession, advancing careers of Asian lawyers

Most Read Articles

Legal groups voice concerns over Ford repeatedly saying he wants 'like-minded' judges

COVID-vaccine skeptic doctor loses anti-SLAPP case at Court of Appeal

Legal Innovation Zone launches program to help legal tech entrepreneurs turn ideas into businesses

Upcoming FACL conference focused on AI’s impact on profession, advancing careers of Asian lawyers