There’s been a lot of buzz lately about the new GDPR, but do you know what it means for your organization?
Today the IPC released a new fact sheet on the European Union’s (EU) General Data Protection Regulation (GDPR), a new privacy law that came into effect on May 25, 2018. The GDPR applies to the collection, use and disclosure of personal data by organizations inside the EU. While our office does not oversee or enforce the GDPR, and the new law is unlikely to apply to most activities conducted by Ontario’s institutions and health information custodians, it may have implications for organizations based in Ontario if they:
• offer goods and services to individuals in the EU
• monitor the behaviour of individuals in the EU
The fact sheet is designed to provide institutions and custodians in Ontario with some general information on how it might apply to them. How the law is applied and interpreted will depend on future decisions and guidance by the EU data protection authorities and courts. Visit the EU’s GDPR website for more in-depth information.