GDPR Now in Force

Published on

May 31, 2018

May 2018 Charity & NFP Law Update

The European Union’s Regulation 2016/679, General Data Protection Regulation (“GDPR”) came into force on May 25, 2018 and could have a significant impact upon some charities and not-for-profits in Canada.

As discussed in Charity & NFP Law Bulletin No. 419 and in the March 2018 Charity & NFP Law Update, the GDPR introduced sweeping changes to the privacy rights of individual “data subjects” with global effects that may extend to organizations operating in Canada.

In the wake of the long lead-up to the May 25, 2018 deadline, a number of Canadian organizations have been updating their privacy policies in order to comply with the GDPR and have been informing their users of the changes to their terms.

Similarly, as discussed in the March 2018 Charity & NFP Law Update, Canadian charities and not-for-profits that may collect or process personal data of European Union residents could be caught by the GDPR.  In light of the significant penalties associated with a breach of the GDPR, such Canadian charities and not-for-profits should take proactive measures to review and update their privacy policies and consent mechanisms in order to ensure that they comply with the GDPR, and should be bringing those changes to the attention of their clients, users and other stakeholders. 


Read the May 2018 Charity & NFP Law Update