What is GDPR?

The General Data Protection Regulation or GDPR is the new data protection legislation enacted by the European Union and implemented on May 25, 2018.

If your business has a presence in the EU or any of the European Economic Area countries (even if you are not physically in the EU) or offer products/services to EU residents – you will need to comply. Find out all you need to know about GDPR in our blog series here.

How GDPR affects North American Businesses

GDPR  came into effect on May 25, 2018, and the new regulations need to be fully understood by all, especially North American businesses that have customers based in the EU. These changes cannot be taken lightly, as they apply to all organizations (regardless of geography) that collect and use personal data from EU residents. GDPR compliance is a must, and the risks of non-compliance are too great from many different perspectives:


Non-compliance can result in brand damage and loss of trust with customers, business partners and GDPR Supervising Authorities.


Potential of class action law suits brought on by data subjects, that may result in huge legal and compensation costs.


GDPR is establishing fines of up to €20MM or 4% GLOBAL annual revenue, whichever is higher to the organization.


Any incident will result in interruption of day-to-day operations, as EU Supervising Authorities and data subjects must be notified within 72 hours of knowledge of the incident if there is a risk to the compromised individuals.

“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”


Our Privacy Experts can help you achieve GDPR Compliance

Headquartered in Vancouver BC, Kirke Management Consulting ensures – through professional development and certification – that we are fully immersed in the developments around GDPR, so that we can in turn guide our customers, locally in Vancouver and across Canada with their GDPR readiness and compliance requirements.

Our GDPR consultants and data privacy experts ensure that the three pillars of Privacy management are present and working together to enable an organization to reach a mature level in their privacy management practices.

10 Steps to GDPR Compliance

If you are unsure where to start or exactly what you need to do to become compliant, our GDPR consultants focus on 10 key compliance requirements that work together to build the right foundation to protect your customers’ personal data.

GDPR Key Compliance Requirements

  1. 1. Governance
  2. 2. Accountability
  3. 3. Notice
  4. 4. Consent
  5. 5. Data Subject Rights
  1. 6. Data Mapping and Processing
  2. 7. Data Transfers
  3. 8. Data Protection by Design
  4. 9. 3rd Party Vendor Management
  5. 10. Breach Notification and Management

Are you GDPR compliant? Complete our complimentary GDPR Assessment to find out.

The Privacy Dilemma: AI’s Double-Edged Sword

Read Article

Privacy risks going viral

Read Article

You've got... a breach notification?

Read Article

Why we need to embrace a more mature attitude towards our data

Read Article