Support Centre
PIPEDA
Back

PIPEDA

Comply with PIPEDA

The Personal Information Protection and Electronic Documents Act 2000, commonly known as PIPEDA, is the subject of on-going debate regarding its potential reform. Already, PIPEDA sets out principles to which organisations must abide, including principles of accountability, consent, accuracy and safeguards, as well as limiting collection, use, disclosure, and retention.

OneTrust DataGuidance's PIPEDA Portal provides you with the ability to track developments regarding PIPEDA and understand its obligations.


Latest developments

Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would reform Canada's privacy legislation under PIPEDA. In particular, the bill would enact the Consumer Privacy Protection Act ('CPPA'), which would protect the personal information of individuals while regulating organisations' collection, use, or disclosure of personal information in the course of commercial activities, and would repeal Part 1 of PIPEDA and amend PIPEDA's short title to the Electronic Documents Act. In addition, the bill would enact the Personal Information and Data Protection Tribunal Act ('the Tribunal Act') for the establishment of an administrative tribunal to hear appeals of certain decisions made by the Office of the Privacy Commissioner of Canada ('OPC') under the CPPA, and facilitate the imposition of penalties.

You can read the bill and track its progress here.


PIPEDA v. GDPR

OneTrust DataGuidance, in collaboration with Edwards, Kenny & Bray LLP, have produced a PIPEDA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the PIPEDA comparative to the GDPR. You can also leverage this information through our GDPR. PIPEDA Comparison in the tab above.


Canada Privacy Landscape Overview

Watch our Canada Overview video to understand the state of privacy in Canada today.

PIPEDA v GDPR

GDPR Benchmark

This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.

Scope Benchmark

    title
  • Personal scope
  • Territorial scope
  • Material scope
  • Argentina
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Rights Benchmark

    title
  • Right to deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • Argentina
    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia
    • Inconsistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

    • Consistent

    • Inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Enforcement Benchmark

    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia
    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free
Mechanisms - APEC CBPRs
Cybersecurity
Facilitation of Data Subject Rights
Health and Pharmaceutical
Standards and Frameworks
Vendor Contracts
Vendor Management
Breach Notification - To Affected Individuals
Breach Notification - To Authorities
Breach Notification - To Data Controllers
Incident Response
Whistleblowing
Direct Marketing
Email Marketing
Direct Marketing
Telemarketing
Direct Marketing
Postal Marketing
Direct Marketing
SMS | MMS Marketing
Employee Monitoring
Schrems II
Cross-Border Data Transfer
Third Countries
Data Protection Officer Appointment
Data Protection Officer Tasks
Privacy Impact Assessments
Cross-Border Data Transfer