QUEBEC LAW 25

Québec Law 25: the essentials

Formally known as Bill 24, Québec Law 25 is Québec’s strict new and enhanced privacy legislation that came into effect in September 2022. It is overseen by La Commission d’accès à l’information du Québec and represents a significant overhaul of the province’s approach to the protection of personal information.

What exactly is Québec Law 25?

The goal of the new legislation is to improve the privacy rights of the people of Québec and ensure that any organization that handles an individual’s personal information (information that can identify an individual either directly or indirectly), is obliged to do so responsibly, securely and transparently. As such, it’s much stricter than Canada’s Federal Personal Information and Electronics Documents Act (PIPEDA) and is more closely aligned with Europe’s General Data Protection Regulation (GDPR).

Who is affected?

Québec Law 25 impacts all Québec-based organizations that handle the personal information of individuals living in Québec, whether the organization is based within the province or not. This also applies to foreign companies, even those engaged in simple e-commerce and online shopping transactions.

September 22, 2024 marks the end of a 3−year transition period. So as of now, all businesses must be
fully
compliant with Québec Law 25.

What’s changed?

Here’s a quick guide to the key changes in the law you need to be aware of.

Elastify for all your Data Protection & Privacy Readiness (QUEBEC LAW 25, HIPAA, GDPR, PIPEDA, CCPA)

Stricter consent requirements

All organizations must obtain clear and informed consent from individuals before they are permitted to collect, use or share their personal information.

We work with ISO27001, NIST, HIPAA, SOC 2 for your GRC Audit contact Elastify today

Data anonymization

Québec Law 25 has introduced stricter rules to ensure that all personal data is anonymized and cannot be traced back to any individual.

Risk & maturity assessments framework that supports business continuity

Privacy impact assessments

All companies must now conduct assessments to evaluate the risks associated with handling personal data.

Stronger rights for individuals

All Québec residents now have enforceable rights to access any personal information held about them, to correct and delete their personal data, or withdraw consent as they wish.

We specialise in data privacy and GDPR compliance. If you need help contact Elastify

New obligations for businesses

These include the appointment of Privacy Officers, the publishing of compliant privacy policies and the mandatory notification of any data breach to La Commission, as well as to any affected individuals.

Incident response planning & disaster recovery planning from Cybersecurity Risk & Transformation company Elastify

Tougher penalties for non-compliance

Penalties for non-compliance with Québec Law 25 are significant, with the potential for fines reaching up to $25 million or 4% of an organization’s global revenue, whichever figure is higher.

How can Elastify help?

Whether you’re new to privacy legislation or need assistance in aligning your existing privacy protocols and processes with Québec Law 25, we’ve got you covered.

Audit preparation and Governance & Risk Compliance with Elastify that helps you to prepare for successful auditing and certification

Gap analysis and assessment

We’ll assess your current data protection and privacy program, identifying gaps and providing a clear roadmap to compliance.

Data Protection and data Loss protection get robust practices that meet your compliance requirements

Policy & procedure development and implementation

We can update your privacy policies and procedures, ensuring you’re aligned with Québec Law 25 and any other relevant regulations.

vCISO On-demand expertise and strategic guidance to help you build and maintain your security program with Elastify

Training and awareness

We can help foster a culture that recognizes the importance of data privacy, with customized training and education for your teams.

Data mapping and inventory

We can map the flow and purpose of personal data across your systems, creating a comprehensive inventory that ensures transparency and security.

Elastify for all your Data Protection & Privacy Readiness (QUEBEC LAW 25, HIPAA, GDPR, PIPEDA, CCPA)

Risk and privacy impact assessments

We’ll help carry out essential assessments to help identify potential privacy risks and enable development of appropriate mitigation strategies.

Elastify’s Offensive Security practice specializes in Penetration testing using the latest tools, techniques and procedures

Incident Response Planning

Our detailed response plans allow you to address data breaches and privacy incidents efficiently and deliver notifications and remediation in ultra-quick time.

We help create security policies and procedures you need to reach compliance

Technology solutions

Provide recommendations for technology solutions that support data protection, including encryption, access controls, and data loss prevention tools to strengthen your IT infrastructure.

Sign-up to our Newsletter

Sign up to our newsletter to keep up to date with all our latest news and insights.

First Name(Required)
Last Name(Required)
Consent(Required)
By submitting this form you agree to Elastify storing and processing your details in order to respond to your enquiry and accept to be contacted by email with relevant promotional information. For more information please visit our Privacy Policy

Get in touch today and tell us what you want to achieve. We’ll make it happen for you.