If your business conducts transactions with countries that are part of the European Union then you need to be aware of the new General Data Protection Regulation (GDPR), a legal framework whose focus is the protection of personal data. It builds on existing data protection laws, setting out the responsibilities of businesses in relation to the personal data they collect, hold, transmit and otherwise use.
The GDPR is extra-territorial in nature and applies not just to organizations within the EU who process the data of individuals but also organizations outside the EU who offer goods or services to individuals in the EU, or who monitor the behaviour of individuals in the EU. Because the EU is a trading partner of most countries, the GDPR’s wider scope means it has implications for many businesses worldwide, and will effectively require them to be compliant if they wish to operate in EU member states either directly or as a third-party for others.
As one example, if a company based in the United States or Canada, or another non-EU country, collects or processes personal data of any employee, prospect, customer, partner, or supplier that is based in the EU, that company will need to be compliant with the GDPR.
Sage has put together many resources to help organizations potentially affected by these changes. You can start by watching the GDPR Summary Video (3:42) or In-depth videos (10:11) below. You can access more information and resources at Sage's Canadian GDPR site.