©2018 by Canadian GDPR Compliance

December 17, 2018

A golden thread throughout the GDPR is the need to be able to demonstrate compliance. Being able to demonstrate compliance depends on good record keeping, whether in written, aural (sound clips), visual (photographs) or other forms. GDPR has 34 references to the need t...

November 16, 2018

This is a case to watch, because it will determine the extent of the GDPR's reach with respect to Canadian companies.

October 17, 2018

Article 33 of the GDPR requires notification of a data breach to be made to the relevant supervisory authority within 72 hours of becoming aware of the breach.

Not every breach needs to be reported to the relevant EU privacy commissioner though; if a breach contains non...

September 3, 2018

Article 5.1.d requires personal data to be accurate. In fact, "...every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay."

The requirement is...

August 24, 2018

This is a frequent "reason" we have heard Canadian organizations cite for not pursuing GDPR compliance. However, Article 50 of the GDPR indicates how it will be enforced outside the EU:

In relation to third countries and international organisations, the Commission and s...

July 10, 2018

Yes, you could certainly view GDPR as merely being about compliance. But you could just as certainly view it as a basis for competitive advantage.

July 1, 2018

As part of my diagnostics approach, I divide GDPR compliance into seven categories of requirements, each with multiple sub-categories of requirements (the sub-categories are hard to read here). Each of these sub-categories constitutes a compliance matter that will resu...

June 10, 2018

A question was recently asked about how we could simplify GDPR compliance reporting to the board, given that not all board directors are familiar with GDPR. It is an important question, because ensuring that the risks associated with GDPR non-compliance are appropriate...

May 18, 2018

Many might think of a data breach only as the result of hackers gaining access to your data through unauthorized means, to put it mildly. But it is so much more than this.

In particular, the GDPR defines a data breach as being the accidental or unlawful destruction, los...
