Personally Identifiable Data under the GDPR
Apr11

Personally Identifiable Data under the GDPR

With the introduction of the General Data Protection Regulation (GDPR) only weeks away, all groups involved in processing the personal data of individuals based in the EU should be aware of their duties under the new law and should be aware of their obligations when processing Personally Identifiable Data under the GDPR. What is Personally Identifiable Data? Personally Identifiable Data is a term used to refer to any piece of information which, either alone or when supported by additional information, allows for the identification of a living person. In the past this was mostly used to designate home addresses or telephone numbers, however this has evolved with the greater presence of technology and mobile devices in everyday life. Recently, the term Personally Identifiable Data can be used when talking about IP addresses, email addresses, social media identifiers, or online images. These elements are not always classified as Personally Identifiable Data, but they may be, depending on the context: a username, or an IP address may be enough to directly identify someone; in contrast,...

Read More
GDPR Call Recording Regulations
Apr10

GDPR Call Recording Regulations

The General Data Protection Regulation (GDPR) call recording regulations will come into force on May 25, 2018. How will the GDPR affect how entities collect, process and store phone calls and phone information? In this article, we will examine the potential impact the GDPR may have on recording phone calls and some steps entities can take to comply with the regulations. Anyone who has ever called a business or customer service line will be familiar with the automatic notice informing them that their call is likely to be recorded. Call recording is a common practice as it allows companies and organizations to monitor their customer care employees, have real world examples for training purposes, and have a definitive reference in case of a customer complaint or any other contentious issue. Given the many important functions that are served by call recording and the enduring preference of many people to call companies for assistance or other reasons instead of using online chats or tools, call recording is likely to be an option that organizations will continue to use for the...

Read More
GDPR Best Practices
Apr10

GDPR Best Practices

With the May 25, 2018, introduction of the General Data Protection Regulation (GDPR) fast approaching, enterprises and organizations must ensure they are up-to-date with and understand the emerging GDPR compliance best practices. As the penalties for GDPR violations are quite severe, it is in the interest of all concerned groups to put these best practices into place. Aside from avoiding sanctions, following GDPR rules can boost a company’s image among consumers. Robust protections and confidence in data security may lead people to more freely share their data with organizations, without them worrying as much about the risk of information breaches. Having said all this, we now present some GDPR best practices which your group may consider implementing. What is the Purpose of the GDPR? A simple but often overlooked first step is taking the time to understand what the purpose of the GDPR is. People follow rules more readily when they know why they are being put in place. A central goal of the GDPR is to allow individuals based in the EU to have more say in how their information is...

Read More
GDPR Documentation Requirements
Apr08

GDPR Documentation Requirements

The new European Union (EU) General Data Protection Regulation (GDPR) will take effect from May 25, 2018 and has specific GDPR documentation requirements. When this happens, institutions and entities that process or store personal data relating to EU residents will be obliged to follow the standards set out in this new law. One particular area to note is the GDPR documentation requirements, outlined in Article 30: Records of processing activities. In their capacity as data controller, groups will be required to record how they process data and other aspects of their data processing activities. Failure to do so could result in hefty fines or other serious penalties. Article 30 of the law lists a number of records that must be maintained by the data controller or the representative acting on their behalf. The list includes basic information; such as the name and address of the data controller, their Data Protection Officer (if relevant), and their representative; as well as the purpose of the processing. It also includes some more detailed information relating to transfers of data to...

Read More
Does GDPR apply to Canada?
Mar19

Does GDPR apply to Canada?

Many Canadian companies are investigating the question: does GDPR apply to Canada and Canadian companies? While there are existing laws in place to facilitate the flow and exchange of information, including personal data, between groups based within the European Union (EU) and groups based in Canada, the introduction of the General Data Protection Regulation (GDPR) on May 25, 2018, will quite probably impact and change the current situation. The Personal Information Protection and Electronic Documents Act, known as PIPEDA, is the name of the law that is currently in effect. The EU does not have an overly favorable view on PIPEDA’s ability to hold Canadian entities to the standards necessary to comply with the GDPR. In any case, no matter where they are based – be it Canada, Colombia, China, or Cyprus – entities that process or store personal data relating to people living within the EU will need to follow the rules laid down in the GDPR. What Action do Canadian  Companies Need to Take? Companies based in Canada will need to review and take stock of the information they have...

Read More