General Data Protection Regulation

We have you covered!


The General Data Protection Regulation, or GDPR, is a new privacy regulation across the European Union focused on protecting and enabling the privacy rights of individuals. WhistleBlower Security currently adheres to the Personal Information Protection and Electronic Documentation Act of Canada. This stringent legislation ensures WhistleBlower Security is in a strong position to be prepared for the GDPR.

The GDPR creates strict global privacy requirements governing how you manage and protect personal data while respecting individual choice – no matter where data is sent, processed, or stored.

The GDPR not only applies to companies within the EU, but also to companies who market goods or services to EU consumers. Complying with the GDPR will strengthen customer trust, help your business avoid penalties, and provide better protection of data in your system.

WhistleBlower Security utilizes Microsoft’s Azure Cloud platform for all our data storage. Microsoft is committed to ensuring compliance with the most comprehensive set of compliance and security offerings of any cloud provider to ensure the privacy and security of our clients.

The GDPR takes effect on May 25, 2018. It replaces the existing Data Protection Directive (Directive 95/46/EC), which has been in force since 1995.


  • Requiring transparency on handling and use of personal data
  • Limiting personal data processing to specified, legitimate purposes
  • Limiting personal data collection and storage to intended purposes
  • Enabling individuals to correct or request deletion of their personal data
  • Limiting the storage of personally identifiable data for only as long as necessary and for its intended purpose
  • Ensuring personal data is protected using appropriate security practices


  1. Transparency and traceability – WBS will execute a contract with all EU clients specifying obligations under General Data Protection Regulation (GDPR).
  2. WBS will deliver documented instructions agreed upon with EU clients regarding data processing.
  3. WBS will provide documentation demonstrating our GDPR compliance.
  4. WBS will warranty to our EU clients that our data processing is designed with data protection in mind.
  5. WBS will warranty to our EU clients that only the necessary data is processed, that it is only retained for the necessary amount of time and is only accessible to the necessary people to the extent required to provide the service.
    a. This requires automatically deleting data after a certain period.
    b. Applying principals of least privilege access.
    c. WBS will process requests for data access/modification/deletion.
    d. WBS will create client specific process for automatic data deletion/transmission back to client.
  1. Individuals with access to the data will be subject to a confidentiality agreement.
  2. Breaches of data will be notified to clients within 72 hours.
  3. An appropriate level of security will be guaranteed.
  4. At the end of the WBS/client agreement, all data will be deleted or returned to the client unless there is a legal obligation to retain data.
  5. WBS will assist our clients responding to requests to exercise data subject rights.
  6. WBS will notify our clients if their instructions infringe GDPR rules.

Our Data Protection Officer is committed to ensuring security through our Information Security Policy and the related tools, processes, and integrated teamwork that is required to meet regulations under the GDPR.

Here are a few steps for you to start your own GDPR preparation:

  1. Discover – identify what personal data you have and where it resides.
  2. Manage – govern how personal data is used and accessed.
  1. Protect – establish security controls to prevent, detect, and respond to vulnerabilities and data breaches. GDPR requires that notification occurs within 72 hours of a data breach. Can your current business manage that?
  2. Report – execute on data requests, report data breaches and keep required documentation.

WBS is here to help private, public, and non-profit EU companies employ the regulations under the General Data Protection Regulation (GDPR) so they can focus on achieving their products and services more efficiently. With our guidance, you no longer need to worry about vulnerable data. This approach to data privacy is a cutting-edge solution that is essential in this technological era.

Contact us today to find out how we can help your company in compliance with the GDPR.


“For the past five years, BC Safety Authority (BCSA) has utilized WhistleBlower Security (IntegrityCounts™) for our internal and external confidential reporting. The service provided to BCSA by WhistleBlower Security is very professional. Any questions we may have, are addressed quickly and efficiently. As a confidential service, both employees and the public are secure in the knowledge that their identity remain anonymous. We have no hesitation in recommending WhistleBlower Security.”
BC Safety Authority
“B2Gold has utilized WhistleBlower Security’s ethics hotline and case management services for over a decade. Their service, responsiveness, and attention to detail has been greatly appreciated given the diversity of our global operations. They are committed to ensuring their clients are taken care of and that our employees have an alternative, safe and consistent method of communicating with us. We absolutely recommend them as a reliable, proactive partner that will deliver on their promises.”
B2 Gold

Contact US

WhistleBlower Security Inc.
1455 Bellevue Avenue #300
West Vancouver, BC V7T 1C3

Request A Callback