In May, the European Union General Data Protection Regulation (GDPR) became effective and it replaced Directive 95/46/EC. The GDPR, which has stricter requirements and obligations imposed on organizations and brings with it a wider territorial scope, is applicable to the processing of personal information extraterritorially if the organization offers good or services to data subjects in the European Union (EU) or monitors the behavior of the data subjects as far as their behavior takes place in the EU. Businesses in British Columbia should prepare for GDPR by determining whether they might be defined as controller or processor, review and update privacy policies and data processing practices, consider encrypting and de-identifying personal information, consider upgrading the current infrastructure to secure personal information collected, and enter into data sharing agreements with clients who may be considered controllers or processors under GDPR.
