Ready or not, GDPR has come; here’s what Canadian B2B business owners need to know

As a Canadian business owner who depends on B2B interactions, you probably remember the commotion surrounding Canada’s Anti-Spam Legislation (CASL) coming into effect in 2014. Those four letters had many B2B businesses in a frenzy as they tried to understand the rules and update their communication consent practices.

Just when you thought you were in the clear, you have four new letters to worry about. You’ve likely received several emails from other companies about GDPR compliance in the last month or so. But have you considered the impact it could have on your business? Are you in compliance?

The General Data Protection Regulation (GDPR) represents a huge shift in the way businesses are required to handle customers’ data. It came into effect May 25, 2018. And, unfortunately, doing nothing is not an option. If your business isn’t compliant with the new regulations, you could face serious consequences, such as a fine of up to 20 million euros or four per cent of your annual global turnover.

How does GDPR compare with CASL?

This European legislation was designed to harmonize data protection laws across the European Union (EU). It wasn’t intentionally designed to make a business owner’s job more difficult. Instead, it was created to enhance consumers’ rights regarding their personal data. Here’s how it compares to CASL:

[Image: comparison of GDPR and CASL]

How do I ensure my business is obtaining proper consent?

Under GDPR, it’s not enough to just claim that individuals have given you permission to contact them and/or collect their information. Instead, you must prove it. This involves keeping a detailed record of the following:

  • Who consented? What is their full name, company name and job title?

  • When did they provide consent? Record the day and time.

  • What information was provided by your company? This should include a copy of your data-collection form, as well as your privacy policy.

  • How did they provide consent? Be sure to retain a date- and time-stamped copy of your data-collection form.

In addition, should a person request that their personal information be deleted from your database, it’s imperative that you keep a record of this request along with its completion date.

How do I create a compliant opt-in process?

Under GDPR, you need to present information clearly to individuals when inviting them to opt in and give you their consent to be contacted or have their data collected. Here are a few tips to remember when writing copy for your opt-in web pages and documents.

  • Use simple language.

  • Avoid technical words or jargon.

  • Write concise statements without ambiguity.

Under these new regulations, people will no longer be overwhelmed with unwanted communications materials. Instead, they’ll receive only the content they opted in to receive. This puts greater control in the hands of consumers, and confirms that every interaction with your business is a desired one.

For more information on GDPR, and to view the legislation in full, visit the EU GDPR Information Portal.