Why should retailers in Canada care about GDPR even though it’s a European data privacy regulation?
Here are 5 good reasons why:
- Businesses in Canada need to comply with GDPR if they do business in Europe or collect/process personal data from European citizens.
- Even if you don’t do business in Europe, your company might unknowingly be collecting/processing personal data from Europeans (e.g. via website visits or call centres).
- Canada, the U.S. and other countries are in the process of revamping/introducing their own data privacy regulations. It’s expected they’ll be taking cues from some of the rules already set in place by the GDPR. Best to prepare for compliance with GDPR now so you can be prepared when the rest of them come into effect soon. *
- Businesses can face hefty penalties for noncompliance with the GDPR, including fines up to $20 million or 4% of annual global turnover (whichever is greater). The regulators can also put a pause on an organization’s business practices until they can ensure compliance.
- GDPR compliance involves coordination between many stakeholders in a retail organization – including Store Operations, Marketing, IT, Public Affairs, Compliance, Legal and data infrastructure vendors. Best to make sure they’ve all been educated and prepared with a plan in place so it doesn’t affect your brand reputation, consumer trust or business priorities.
To ensure that Retail Council of Canada (RCC)’s members are equipped to protect their businesses from financial, operational and reputational risks, RCC and PwC Canada have developed this member-exclusive Guidebook, Europe’s General Data Protection Regulation (GDPR): How it affects retailers in Canada.
This Guidebook is FREE for Retail Council of Canada members (available in Fall 2019 in French).
*Kate Skipton is currently assembling a Privacy Committee for RCC/CCCD members. Their first meeting is on October 10, 2019. For more information, members can email Kate Skipton, Senior Policy Analyst, Government Relations.