The General Data Protection Regulation (GDPR) is a regulation the European Union (EU) adopted as of May 25, 2018, to strengthen and unify data protection for all individuals within the EU.
GDPR codifies data protection rules for all companies that collect data from EU citizens. It expands individuals’ control over how and when their personal data is collected and used.
Canada's adequacy status under the GDPR ensures that data processed in accordance with the GDPR can be transferred from the EU to Canada without the additional data protection safeguards that have been put in place for some other countries.
CMA Guide (members only)
CMA Blog & Other Media
- How the GDPR Impacts Marketers - Challenging Common Misconceptions to Understand Europe's New Privacy Law
- GDPR's Impact on Canadian Business - Preparing Yourself for EU's New Privacy Law
CMA Media Release
- CMA Releases Guide to Help Marketers Understand and Interpret the General Data Protection Regulation
Article 29 Working Party: Guidelines on consent
Article 29 Working Party: Guidelines on transparency
Article 29 Working Party: Guidelines on personal data breach notification
Article 29 Working Party: Guidelines on automated individual decision-making and profiling
Article 29 Working Party: Guidelines on the application and setting of administrative fines
Council of the European Union: Draft ePrivacy Regulation (May 2018)