EU General Data Protection Regulation – Compliance or not?

If you use computer software or websites, you have probably heard of the EU General Data Protection Regulation (GDPR). It seems that everyone is gearing up to be compliant by May 25, 2018.

The GDPR is based on seven key principles. These are:

  1. Lawful, fair and transparent processing,
  2. Purpose limitation,
  3. Data minimization,
  4. Accurate and up-to-date processing,
  5. Limitation of storage in the form that permits identification,
  6. Confidential and secure, and
  7. Accountability and liability.

For the most part, I have always worked towards compliance with this regulation, but I will not be compliant on May 25, 2018. I will point out that I am not required to be compliant as I do not work explicitly with EU citizens. My work is with Canadian resident individuals/businesses and individuals/businesses who have Canadian tax implications.

Compliance with all but the final principle is currently in place. In order to be compliant with the accountability and liability principle, I am required to be able to remove client data. Under Canadian laws and regulations, I am required to keep that same data for audit by the government. While I can move client information to an inactive state, I can’t remove it. This is the extent that I can be compliant.

If an EU citizen wishes to use my services, they must be aware that, during a conflict between the Canadian requirement to retain the information and the EU requirement to permit someone “to be forgotten,” I must remain compliant with the Canadian requirements.

For the above reason(s), I must regretfully decline full compliance with GDPR.

So you filed… That’s it, right?

Think again...

The Canada Revenue Agency is reviewing the 2016 tax returns. In fact, they are also calling for details on 2014, 2015 and 2016 during 2017.

It is important to note the following:

  • The CRA will provide only 30 days to reply to their request for information. They allow only one extension.
  • The reply must be sent to the same location that requested the information. This may not necessarily be the same location where you filed your tax return or the one that issued your Notice.
  • Failing to comply with the request will result in a denial of your claim and cause a reassessment of your tax return resulting in a balance owing.