Canadian tech companies trying to navigate the looming General Data Protection Regulation (GDPR) — which affects any Canadian company that holds the data of European citizens — should look no further than the recent Facebook Live panel with BetaKit and PwC Canada.
With PwC Director of cybersecurity and privacy Jordan Prokopy, and Sampler VP of product Erik Davis, the conversation with BetaKit’s Editor-in-Chief Douglas Soltys touched on what GDPR means and how companies can prepare for the coming regulation. Under GDPR, Canadian companies are also required to ensure that services they employ comply with GDPR, creating a complex web of responsibility.
“The idea of the consumer back in control has really changed our most fraught contracting discussions and made contracting a lot easier.”
Despite the nervousness around GDPR, there can be advantages to startups that embrace the trend away from the consumption of data to its proper management. According to Davis, discussions around data ownership, from startups to large enterprises, have been fraught to date, noting that it’s difficult for a 20-person startup to have a conversation with a 50,000-strong enterprise customer about who should own the data and what responsibilities they have. But with GDPR, the conversations now have to happen.
“The consumer ultimately owns their data, and this is about who has control over it and who can use it and under what aspect of the regulation they can use it under. Is it a consent model? Which, of course, where most of this is going to,” he said. “The idea of the consumer back in control has really changed our most fraught contracting discussions and made contracting a lot easier.”
Davis also noted that VCs are starting to ask startups about their data and privacy management policies – an abrupt change from the last decade’s focus on investing in companies capable of quickly collecting and monetizing data.
For Prokopy, the most fascinating aspect of GDPR is how readily the regulation surpasses traditional borders. “So much of trade is so tied to the free flow of information,” she said. The implication being that regulation that affecting information flow could create barriers more familiar in the 20th century than the 21st. Prokopy gave the example of companies geofencing websites to prevent citizens from regulation-heavy countries from accessing them.
“Perhaps you can purchase something [on that website], but perhaps only one or two people have purchased something there. You have just determined that ‘this is not a priority for us’… let’s just not allow the website to be available in the European Union.”
While the need for digital passports might be far away, GDPR is fast approaching (as well as similar Canadian regulation). Thankfully, the video below outlines the steps Canadian tech companies can take to ensure they’re covered.
Watch the full conversation below: