New General Data Protection Regulations in European Union Has Cybersecurity Consequences

July 19, 2017

Written By Ruth E. Promislow, Michael R. Whitt and Archana Ravichandradeva

The European Union’s General Data Protection Regulation (GDPR) will come into force on May 25, 2018. The new regulation substantially replaces the current data protection law (Directive 95/46/EC) and will bring important changes to data protection and privacy across the region, with the aim of creating a more modern and harmonized data protection strategy.

If you conduct, or are contemplating, business in the European Union, this new regulation should be on your radar.

Is Your Organization Subject to the GDPR?

  • The GDPR applies if a data controller (an organization that collects data from EU subjects), a processor (an organization that processes data on behalf of a data controller, such as a cloud service provider) or the data subject (person) is based in the EU.
  • The GDPR applies to organizations that have EU “establishments”, where personal data is processed “in the context of the activities” of such an establishment. This is a broad, flexible test that captures a wide range of business activity. An organization may be “established” where it exercises “any real and effective activity—even a minimal one” in the EU. Even having one representative in the EU, or having a sales office to promote and market goods and services to EU residents, may be enough to engage the GDPR.
  • Even non-established organizations have to consider and prepare for the GDPR if they engage in processing the personal data of EU subjects, especially if this data will be used to monitor the subject's behaviour in the EU or generate profiles of users’ "preferences, behaviours and attitudes".
  • The regulation also applies when goods or services are intentionally offered to data subjects in the EU—specifically marketing those goods and services to EU citizens, using currency generally used in one or more EU states, or allowing customers to purchase goods in a language generally used in one or more EU states.

What Are Some Consequences?

  • Businesses subject to the GDPR will be obligated to meet certain standards of data protection and management. Some contraventions will be subject to administrative fines of up to €10,000,000 or 2 percent of global annual turnover of the preceding year, whichever is higher.
  • Other contraventions attract fines of up to the greater of €20,000,000 or 4 percent of global turnover of the preceding year. These fines are to be meted out on a case-by-case basis.

If you would like to learn more about the potential impact of the GDPR on your business, members of our Bennett Jones Cybersecurity team can assist, and where required can direct you to experienced European counsel.

Author

  • Ruth E. Promislow, Partner
