FEATURES
DO YOU DO BUSINESS IN EUROPE?
YOU NEED TO KNOW ABOUT THE GDPR.
AS THE EUROPEAN UNION ENFORCES A HISTORIC CHANGE IN DATA
PROTECTION LAW, WE LOOK AT HOW THE VAPE INDUSTRY CAN ADAPT, AND
WHAT CANADIAN COMPANIES NEED TO KNOW.
BY RÓISÍN DELANEY
As of May 25, every organization that operates within the 28-member
states of the European Union – including the UK – are subject to
the tightest data protection laws ever known. And that goes for
countries like Canada too, who simply serve clients who are based
in the EU as data protection travels across borders.
In 2016 it was decided the EU would adopt the General Data Protection
Regulation (GDPR) as a gold standard for data protection
across Europe.
The EU's independent data protection authority, the European Data
Protection Supervisor believes introducing the GDPR has been “one
of its greatest achievements in recent years.”
This change is affecting businesses of all shapes and sizes in every
part of the EU, and for many, it has meant increased expenditure,
panic, overtime and a lot of paperwork.
Organizations found to be non-compliant with the GDPR could run
56 | VMC
the risk of fines of up to 4 percent of global revenue or €20 million
– whichever is higher.
BORDERS
Exiting left of stage from the EU won’t get the UK out of having to
play by the rules.
Up until now, data protection law in the UK was governed by an
act introduced in 1998 as a result of an out-dated EU directive. No
one in the nineties could have predicted the progress and influence
technology would sweep over individuals 20 years into the future.
Taking it a step further, the GDPR also applies to companies with
EU citizens as customers. It has what’s called an extra-territorial
effect meaning non-EU countries will also be affected. That means