©2018 by Canadian GDPR Compliance

December 17, 2018

A golden thread throughout the GDPR is the need to be able to demonstrate compliance. Being able to demonstrate compliance depends on good record keeping, whether in written, aural (sound clips), visual (photographs) or other forms. GDPR has 34 references to the need t...

November 16, 2018

This is a case to watch, because it will determine the extent of the GDPR's reach with respect to Canadian companies

October 17, 2018

Article 33 of the GDPR requires notification of a data breach to be made to the relevant supervisory authority within 72 hours of becoming aware of the breach.

Not every breach needs to be reported to the relevant EU privacy commissioner though; if a breach contains non...

September 3, 2018

Article 5.1.d requires personal data to be accurate. In fact, "...every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay."

The requirement is...

August 24, 2018

This is a frequent "reason" we have heard Canadian organizations cite for not pursuing GDPR compliance. However, Article 50 of the GDPR indicates how it will be enforced outside the EU:

In relation to third countries and international organisations, the Commission and s...

June 10, 2018

A question was recently asked about how we could simplify GDPR compliance reporting to the board, given that not all board directors are familiar with GDPR. It is an important question, because ensuring that the risks associated with GDPR non-compliance are appropriate...

Please reload

Our Recent Posts

Please reload


Please reload


Please reload