General data protection regulation

Are you ready for GDPR?

The EU General Data Protection Regulation (GDPR) takes effect on May 25, 2018, creating challenges—and opportunities—for every organization doing business in the European Union. GDPR may apply to Canadian businesses, since a business doesn’t need to have a physical presence in the European Union to be subject to GDPR.

Prepare for GDPR and create competitive advantage

Canada has its own privacy legislation, so the good thing is you’re likely not starting from scratch. But GDPR privacy requirements are more onerous than the existing Canadian privacy legal regime—GDPR represents a step change in the way businesses need to handle privacy.

Organizations that take the opportunity to rethink risk and compliance as they prepare for GDPR will have a unique opportunity to drive distinctive strategy, capabilities and performance.

What steps can Canadian organizations take to prepare?

Conduct a readiness assessment

Understand if GDPR may apply to your company by completing our online quiz. Focus on in-scope areas and assess the risk and possible impact. How much and what type of EU data do you handle? What’s the risk your business may be the focus of regulator attention?

Then gather information to assess your organization’s current GDPR compliance maturity for in-scope areas and to help understand your critical legacy risks.


Find remediation gaps

Identify existing privacy capabilities and the work that needs to be done to bring your organization into GDPR compliance. Take a tactical approach and identify areas where you can limit or out-of-scope GDPR impact altogether.

For example, you could anonymize any EU data you intend to use or stop tracking website visits on an EU web page.

Establish oversight

Put your organization’s ongoing GDPR governance structure and model into place to coordinate and implement your remediation activities.

Implement your program

Get your GDPR program off the ground, remediating any gaps you’ve identified and establishing a rigorous privacy program.

Conduct operation and monitoring

Once GDPR is in effect and your program is in place, conduct ongoing compliance to drive continued accountability and make sure your organization is positioned for future success.

Our GDPR readiness assessment tool

Our GDPR readiness assessment tool helps you understand your current state of compliance and how you benchmark against your peers. Get valuable insights into the work needed to get to your desired end state.

Key GDPR program implementation areas

Strategy and governance

Information security

Data life cycle management

Individual rights processing

Privacy by design

Cross-border data strategy

Data processor accountability

Policy management

Privacy incident management

Training and awareness

Contact us

​Jordan  Prokopy

​Jordan Prokopy

National Data Trust & Privacy Practice Leader, PwC Canada

Tel: +1 416 869 2384

Sajith Nair

Sajith Nair

Managed Services Leader, PwC Canada

Follow PwC Canada