PIPEDA Vs. GDPR
PIPEDA:
- PIPEDA does not distinguish between data controllers and data processors. Rather, PIPEDA applies to all organizations which collect, use, or disclose personal information in the course of commercial activities, and to certain employee personal information. The term 'organization' includes a person and thus PIPEDA applies to both corporations and natural persons, as well as associations, partnerships, and trade unions.
- PIPEDA does not apply to public bodies. PIPEDA applies only to organizations that conduct commercial activities, or to personal information about an employee of, or an applicant for employment with, an organization that collects, uses, or discloses that information in connection with the operation of a federal work, undertaking, or business.
- The term 'federal work, undertaking, or business' is defined in PIPEDA and generally pertains to matters within the legislative authority of the federal government, such as shipping, railways, banks, telecommunications, and air transportation, among other activities. Whether an organization conducts commercial activities is not always immediately clear.
- For example, not-for-profit status does not automatically exclude an organization from the application of PIPEDA. Not-for-profit organizations that engage in commercial activities, such as selling, bartering, or leasing memberships, are subject to PIPEDA. PIPEDA does not explicitly refer to nationality or place of residence. However, personal information that is collected, used, or disclosed by organizations during the course of commercial activities will be subject to PIPEDA.
GDPR:
- The GDPR applies to data controllers and data processors who may be public bodies.
- The GDPR defines a data controller as a 'natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.'
- The GDPR defines a data processor as a 'natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.'
- The GDPR provides that it 'should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data.'
Conclusion
While we have covered most of the differences between the two regulations in the above GDPR vs. PIPEDA table, it is clear that being compliant with one regulation does not make you compliant with the other. However, it does make your compliance journey a lot easier.
The differences stated above clearly show that the GDPR is more comprehensive and demanding. Both regulations, however, focus on the principles of transparency and accountability, which provides a solid foundation for your compliance efforts. Organizations running a business in the European Union or Canada will need to strictly follow the applicable privacy laws and standards.