The type of data being collected will vary depending on the goal of the company and what they plan on using the data for, but generally speaking, basic information such as First/Last Name, Gender, Telephone Number, Email Address, and Mailing Address will be collected.
If as a company you will be sharing data collected from your customers, the details of such a relationship must be disclosed to the customer. In addition, being transparent about your management practices goes a long way in building company culture and trusting relationships with the people you care about the most - your customers.
GDPR & PIPEDA Application
Before a company collects data from their customers, they must determine if they need express or implied consent, and what the exceptions to consent are. The GDPR and PIPEDA have different requirements when it comes to expressed/implied consent and exceptions. Understanding the differences is vital to a company’s privacy compliance.
One of the differences between the GDPR and PIPEDA is that under the GDPR (see policy here), express consent is required to control/process personal data. While PIPEDA (see policy here) requires express or implied consent for the collection, use, or disclosure of personal information. That said, there are some circumstances where the GDPR will allow the processing or control of personal data with implied consent.
Both the GDPR and PIPEDA acknowledge that there are exceptions from the requirements in circumstances that involve compliance with legal obligations. However, they differ in that the GDPR considers performance of official duties to be an exception, while PIPEDA considers law enforcement purposes as an exception.
FOR MORE DOWNLOADABLE CONTRACT TEMPLATES, VISIT DEALPREP.CO/PRICING - ALL-ACCESS PASS for $50 PER YEAR!