28 | LEXPERT • June 2018 | www.lexpert.ca/usguide
connection with the EU (even monitoring
remotely the behaviour of EU citizens).
This is why it's important to under-
stand some of the key new parameters of
this broad, sweeping data-protection re-
form effort.
Why a New GDPR?
The EU legislation for GDPR was ad-
opted in April 2016 by the European
Parliament, and the new legislation will
come into effect in May 2018. GDPR
implements some novel concepts, and
also reaffirms some of privacy law's long-
standing principles. Currently, even these
"fair information handling practices," as
expressed in the EU's Data Protection Di-
rective now in force, are being implement-
ed differently within the EU because each
member state has been able to modify its
As protecting data
becomes increasingly
a key cost of business,
the EU's new GDPR,
coming into effect in May,
will dictate new standards
for the protection of
data around the world
By George S. Takach
from Lexpert Magazine
March-April 2018 Issue
THE NEXT CHAPTER
IN DATA PROTECTION
Financing
Data Protection Law began to be
developed in Europe a number of decades
ago. So it is entirely appropriate that
the next chapter in data protection law
— the European Union's General Data
Protection Regulation (GDPR) — also
comes from Europe.
For Canadian organizations with op-
erations or affiliates in the EU, GDPR will
be important indeed. But to be caught by
GDPR, one doesn't have to have a branch
or affiliate in Europe; it is enough that you
have a virtual connection. That is, even if
you do not have an "establishment" in the
EU where personal data is collected or oth-
erwise processed (which includes stored,
used, or retrieved), you can be caught by
the GDPR if you undertake any activity
(such as offering goods or services to EU
residents) that has a "real and effective"
