Essential Data Privacy Laws – Is Your Company Protected?


Data privacy laws are important to your business, and they change often.

Even though it is imperative to make sure your organization is compliant with PIPEDA, it is not the only piece of legislation that could apply to you. PHIPA, MFIPPA, and GDPR each have their own privacy rules that may relate to the information your business gathers, uses and discloses.

Learning about and complying with all of these data privacy laws may seem overwhelming, but TechReset is here to help make the process simpler when it comes to data disposal. When IT assets and electronic equipment reach their end-of-life, we can make sure all data is disposed of in a secure way.

What is GDPR?

GDPR, or the General Data Protection Regulation, is a set of rules designed to give European Union citizens more agency over the way companies from all across the globe are permitted to use their personal data. Under the GDPR, citizens of the European Union have the right to know precisely how their personal data is being processed and to request that their personal data be erased or that processing of their data be restricted, amongst a lot of other things.

PIPEDA vs. GDPR

Following the revisions on November 1, 2018, you should already be compliant with PIPEDA. The Personal Information Protection and Electronic Documents Act most notably states that companies must get an individual’s permission when they gather, use or disclose the personal information of that individual.

While PIPEDA sets regulations around collection, retention and use, permitting Canadians to find out what information organizations hold about them, GDPR permits citizens of the European Union to ask for that information in a machine-readable form so it can be taken somewhere else, making their data portable.

“Permission” is possibly the most noteworthy difference between PIPEDA and GDPR. Under PIPEDA, approval is implied: an individual can give permission to the company to gather information once, but then that information can be used in a number of different ways. Under GDPR, approval is no longer implied; it must be provided for every single use of the data. This approval must be provided freely and clearly.

Data Privacy Laws and Their Impact on Canadian Business

Even though GDPR regulations are designed to protect European Union citizens, they have had immediate ramifications for North American organizations as well. The GDPR directly affects anybody storing data about anybody in an EU member state, although the hardest hit will be those that hold and process large amounts of consumer data and organizations whose business models depend on obtaining and using consumer data.

Complying with GDPR will require tools that organizations may not previously have had in order to gather all the data that they hold on an individual. As a company, you have key responsibilities as a data controller. You must get clear, informed permission any time you gather personal data.

Additionally, you must have the programs and systems in place to maintain a comprehensive database of individuals who consented and the evidence of their permission; to provide a clear and feasible means for individuals to withdraw their permission, have their information removed and/or access their data; and to respond to data requests within thirty days.

Other Rules to Be Familiar With for Your Company

MFIPPA (Municipal Freedom of Information and Protection of Privacy Act) is an Act that applies to local government institutions like police services and school boards. This Act sets out how such institutions are to protect the personal information they gather about the individuals they deal with, and it lets those individuals access municipal government information and any records containing their own personal information. Collection, use and disclosure are all governed by this Act.

PHIPA (The Personal Health Information Protection Act) is a set of rules that lets personal health information be disclosed within the health sector. Insurance providers and employers who get information from a custodian are only permitted to disclose information for certified purposes.

How to Ensure Compliance with Your IT Asset Disposition and E-Waste Recycling

TechReset is here to make sure that your business stays compliant with data privacy laws when your IT assets and electronic devices reach their end-of-life phase. To learn more about our services and the way we safely and securely recycle your IT assets, feel free to give our specialists a call at 905 510 8969 or send an e-mail to mark@techreset.com!