GDPR implications for Canadian small business?
https://www.ctvnews.ca/business/ready-o ... -1.3944795
I'm wondering if there are any implications for small business in Canada that may interact with EU citizens. For example our web site has a Contact Us form that sends us an email via our web host. The Contact Us form may contain personal ID information supplied by the user who fills it out. Email is not secure - it's not encoded and typically passes through a couple of intermediate servers. It may end up archived in our email files, and in some cases in a list of enquiries we have received that asked for future follow-up.
What responsibilities do we have, if any? We keep all of our corporate files secure from public access, to the extent that anyone can, but they are not necessarily encrypted on our servers. We can't do anything about the email chain, since much of it is out of our control, and I'm sure the email archive on every computer and laptop is not encrypted. In some cases employees traveling may be accessing their email through cloud services like Gmail too.
Has anyone looked into these issues?