CanucktAI
Glossary

GDPR

The GDPR is the European Union’s data-protection law, which can apply to Canadian businesses that offer goods or services to, or monitor, people in the EU, with fines up to €20 million or 4% of global turnover.

The General Data Protection Regulation (GDPR) is the EU’s comprehensive privacy law. It has extraterritorial reach: a Canadian business can fall under it if it offers goods or services to individuals in the EU or monitors their behaviour, regardless of where the company is based.

GDPR grants strong individual rights (access, erasure, portability, objection), requires a lawful basis for processing, and mandates 72-hour breach notification to regulators. Fines reach €20 million or 4% of global annual turnover, whichever is higher.

Canada currently holds a partial adequacy recognition under PIPEDA for commercial data transfers, which eases lawful data flows from the EU — though that status is periodically reviewed.

Our own compliance

We run our own compliance programme inside Valdra — the product we sell. Our SOC 2, ISO 27001 and ISO 42001 programmes are actively in progress; we do not claim certifications we do not yet hold.

Valdra compliance badge — click to verify
  • PIPEDA
  • Law 25 (Quebec)
  • CASL
  • Data hosted in Canada 🇨🇦
  • AI governance
View our Trust Centre

Self-declared, not audited by a third party. Click the badge to verify it is genuine and see what it covers.

GDPR — definition | Canuckt AI