Do not wait to get compliant and avoid expensive penalties
We ensure your organization’s compliance with Law 25 at every step of its enforcement:
Appoint a Privacy Officer and report privacy incidents
Deadline September 2022
Adopt privacy information governance and security policies
Deadline September 2023
Fully comply with law and provide requirements on demand
Deadline September 2024
The Modernization of Personal Information Protection Legislation Act, also known as Law 25, aims to protect the Quebec population by making companies accountable for the personal information they hold. The Law is enforced in 3 different phases:
2022 – Every organization in Quebec must have a Privacy Officer appointed, and must collect and report any privacy incident to the “Commission d’accès à l’information du Québec” (CAI).
2023 – Organizations must adopt governance and privacy policies.
2024 – Organizations must be ready to provide the information on demand, either by the government or any person whose data is collected by the organization.
We help you take action to apply each legal requirement:
We will train your Privacy Officer on his/her responsibilities.
We analyse your environment and implement the requirements for Law 25 phase 1:
– Data identification and classification
– Cybersecurity risk assessment and recommendations
– Procedure for managing personal data confidentiality incidents
– Process and report to declare any incident to the Commission d’Accès à l’Information and the person involved
– Creation of internal policies
– Definition of employee roles
– Complaint management procedures
– Compliance evaluation of third parties
– Data protection measures
– Privacy framework
– Before acquiring, developing, or redesigning information systems
– Prior to executing electronic services using personal data
– Before disclosing information outside Quebec
– Defined purposes for personal information collection
– Written consent
– Clear communication of individuals’ rights
– Disclosure of third parties involved
Complying with data portability means:
– Having a structured and commonly used technological format to inform individuals on their data upon request
– Facilitating the transfer of such information to authorized organizations upon the individual’s request (e.g., when changing service providers)
Complying with Law 25 will help you:
Fines range from $15,000 to $25,000,000 CAD, or 4% of worldwide revenue.
Safeguarding customer data fosters trust and mitigates potential data breaches and their consequences.
Security measures, regular vulnerability assessments, and employee training will significantly strengthen your cybersecurity defenses.
Complying with Law 25 is mandatory
Want to know more about Law 25?