What is the General Data Protection Regulation (GDPR)?

What is the GDPR?

In a nutshell, the General Data Protection Regulation is a new European legal framework governing the use of personal data. It will replace all existing national data protection laws across the EU and will apply across all EU markets including the UK.

The GDPR will regulate the use of data in digital advertising and introduces data protection obligations on many digital ad businesses for the first time.

How does this Apply to Canada?

  • The GDPR will apply based on where an individual is location not where a business is located. Canadian companies have to comply with the GDPR if:
  • they offer goods / services to individuals in the EU, regardless of whether a payment is used; and / or
  • they ‘monitor’ an individual’s behaviour in the EU (e.g. by processing personal data to infer interests / preferences)

What Rights do Consumers have under the GDPR?

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right to erasure
  • The right to restrict processing
  • The of data portability
  • The right to object
  • The right not to be subject to automated decision making

How Can Canadian Companies Comply?

The good news is that the Canadian PIPEDA legislation is quite well aligned to the GDPR. IAB Europe is currently working with several global stakeholders to launch an industry-wide solution that will allow third parties to access a GDPR registry. The solution will allow the entire supply chain access to encoded opt-in data that will help facilitate appropriate ad serving protocols.

To stay informed:

  • Contact us to set up webinars or presentations
  • Become one of the first IAB Canada members to implement the GDPR compliance framework
  • Participate in our regular Council and Committee discussions on the subject