In this blog, we explain the difference between the roles of data controllers and processors and delve into the vendor due diligence process, providing North American organisations with essential steps to maintain GDPR compliance. You’ll learn how to: Overview According to a report by technavio, the global outsourcing market is expected to grow by $88.8 […]
5 steps to GDPR-compliant vendor due diligence Read More »
In this blog, we break down the essentials of GDPR compliance for lead generation, focusing on what North American businesses need to know when targeting or engaging with individuals in the EU and UK. Whether your lead generation is managed in-house or through a third-party provider, understanding your obligations under European and UK data privacy
Lead generation and the GDPR: A guide for North American businesses Read More »
Data retention strategies for GDPR compliance matter, even for North American organizations. The UK and EU’s General Data Protection Regulation (GDPR) has extra territorial reach, meaning it applies to any organization, regardless of location, if that organization offers goods or services to, or monitors the behaviour of individuals in the EU or UK and processes
Data retention strategies for GDPR compliance Read More »
In the second part of our four-part guide to EU AI Act compliance for North American organizations, we explore the Act’s risk-based approach to classifying AI systems. What applications are prohibited, what constitutes ‘high-risk’ activity, and what systems are exempt? For details of the AI Act’s timeline and deadlines for its phased implementation, see Part
EU AI Act compliance part 2: Understanding ‘high-risk’ activities Read More »
Our four-part guide to EU AI Act compliance explores what North American organizations need to know about the upcoming legal obligations when rolling out certain artificial intelligence (AI) technologies under the EU’s landmark AI Act. If your organization operates in or serves EU markets and has AI-driven chatbots to handle customer inquiries, develops predictive algorithms
EU AI Act compliance: What North American organizations need to know Read More »
As the international privacy community marks Data Privacy Day 2025, the conversation around data protection and regulation takes on heightened significance for Canada. With federal legislative efforts delayed and provinces stepping in to fill critical gaps, organizations face regulatory uncertainty. To help navigate these developments, we spoke to these leading experts in the field: Constantine
Data Privacy Day 2025: Navigating privacy in Canada Read More »
For North American businesses operating across the EU and UK, understanding GDPR territorial scope is essential. As digital transactions increase, especially with cloud-based workflows and remote-working teams, personal data is frequently transferred across country borders. This often creates significant regulatory challenges for global businesses striving to remain compliant while ensuring operational efficiency. In this blog,
How GDPR territorial scope impacts North American businesses Read More »
It’s been a busy year for data protection and privacy in Canada and the USA, with significant developments not only across North America, but also globally. As businesses face evolving privacy challenges, understanding the year’s developments and preparing for 2025’s expectations is crucial for maintaining compliance and staying competitive. In this blog, we highlight some
Privacy in Canada & USA: 2024 highlights and 2025 expectations Read More »
In our GDPR Guide for SaaS companies, we look at the key factors that SaaS businesses need to address to ensure compliance with EU and UK data protection laws. For the purposes of the guide, we use the General Data Protection Regulation (GDPR) as a collective term, but please be aware that there are certain
GDPR guide for SaaS companies expanding into EU & UK markets Read More »
