What Canadian and US Businesses Need To Know About GDPR

May 1, 2018
By   Jen McDonnell
Category   Technical

In this blog series, we will cover:

•  Blog 1: What is the GDPR?
•  Current post: What Canadian and US Businesses Need To Know
•  Blog 3: How It Affects Your Facebook Tracking and Advertising
•  Blog 4: How It Affects Your Google Tracking and Advertising

In our previous blog post, we explained the General Data Protection Regulation (GDPR) laws that are being implemented in Europe, and how it will affect businesses in Canada and the US. Here, we review specific steps you need to take going forward to make sure you’re adhering to the GDPR.

What are my responsibilities?

Here are your responsibilities as the data controller:

  • To obtain explicit informed consent anytime you collect personal data
  • To contact anyone whose personal data you currently have and obtain lawful informed consent if you did not do so when you first collected their information
  • To keep a detailed database of everyone who has consented to have their data collected along with proof that they gave consent (e.g. when they gave it, through what medium, and so on)
  • To have a clear and viable means for data subjects to withdraw consent, have their information erased, change their processing preferences, or access their data
  • To respond to data requests within 1 month
  • To provide requested data free of charge and in a format that is easily accessible
  • To obtain consent again if you wish to use data in a new manner that was not consented to when you first collected data (e.g. you decide you want to do email marketing, if you didn’t say you would use information in that way before, you must get consent to do so going forward)
  • To implement proper security measures to protect data and inform people if their data has become compromised within 72 hours

Consequences of non-compliance

You need to take these regulations seriously because if you are proven to be non-compliant the consequences could mean hefty fines. Any data subject who has their information unlawfully collected has the right to compensation and as such there’s something to be gained from reporting your non-compliance beyond denying you their data. You may be subject to administrative fines up to 20,000,000 EUR or 4% of your company’s total annual turnover of the preceding year, whichever amount is higher.

What’s next?

While these guidelines don’t come into effect until May 25, 2018, you should be considering your changes right now—especially, since it applies to data that was collected before then. Again, if you’re not collecting data from anyone in the EU, you don’t need to worry about these changes right now. That being said, as people become more concerned about their privacy, establishing yourself as a business committed to transparency and explicit consent can only help your image.

In our next blog posts in this series, we’ll discuss the specific steps you need to take to ensure your Facebook and Google tracking and advertising is compliant.

Note: We aren’t lawyers, so please be sure to review your obligations with your legal team. The information we share is based on general marketing best practices and information our team has reviewed from a variety of sources. 


“GDPR Overview.” GDPR EUorg, www.gdpreu.org/.

“General Data Protection Regulation.” Facebook Business, www.facebook.com/business/gdpr.

“General Data Protection Regulation (GDPR) – Final Text Neatly Arranged.” General Data Protection Regulation (GDPR), gdpr-info.eu/. – Article 6, 7, 8, 32 and Recital 42, 30

“Reform of EU Data Protection Rules.” European Commission – European Commission, 10 Mar. 2018, ec.europa.eu/info/law/law-topic/data-protection/reform.

“Updating Our Product Terms.” Facebook Business, www.facebook.com/business/news/updating-our-product-terms.

This blog post is part of a 4-part series. Keep reading:

•  Blog 1: What is the GDPR?
•  Current post: What Canadian and US Businesses Need To Know
•  Blog 3: How It Affects Your Facebook Tracking and Advertising
•  Blog 4: How It Affects Your Google Tracking and Advertising


GDPR privacy


Jen McDonnell

Jen is the Vice President of Content and Social Media at Reshift Media, where she manages a team responsible for the social strategies for several national and international brands. She has a strong content background, having previously worked in online journalism for 10 years. Her articles have been published in the National Post, the Ottawa Citizen, the Vancouver Province, the Calgary Herald, Flare, and more.

Write a comment

Your email address will not be published. Required fields are marked *