Law 25: Seize the opportunities of data compliance!

 

What is Law 25?

The Act to modernize the legislative provisions as regards the protection of personal information, better known as Law 25, was brought into force by the Government of Quebec and represents a significant advance in terms of respect for the privacy of individuals. It makes organizations more accountable for the protection of personal information, while requiring greater transparency on their part regarding its use. It comes at the right time with the growing concerns of citizens about their right to privacy in the face of ever accelerating technological change.

This Act, adopted in 2022, progressively imposes new obligations that must be met every September 22 up to and including 2024.

*Beware, the biggest wave of obligations to be respected arrives in September 2023!

Here is the timeline detailing the progressive coming into force of the new obligations

For more information, you can refer to this guide developed by the Commission d'accès à l'information du Québec.

 
 
 

Benefits and opportunities of compliance with Law 25

For your organization, compliance with these obligations provides an unparalleled opportunity to further develop your information ecosystem, better control the quality of your data, and develop a competitive advantage by leveraging these information assets. These initiatives represent fundamental elements of a strong data culture. Thanks to this culture, you will be able to better understand your internal processes as well as your clients' needs, and thus be able to better seize new business opportunities.

In addition, better controlling the volume of your data, notably by ensuring that it is cleaned up at the input stage, allows you to save storage space and can also reduce the computational power required to load and transform it. This way, you can optimize your own resources while limiting the environmental footprint related to these activities.


Possible sanctions for non-compliance with the Law 25

If you violate this law, the financial penalty could be up to $25 million or 4% of your organization's revenue. The amount of the penalty will be proportionate to the seriousness of the violation and the organization's ability to pay. (Gouvernement du Québec


Why and how do you comply with Law 25?

Some actions are more explicit than others. The important thing is to develop a roadmap to plan for the implementation of initiatives that will enable compliance with the various elements of the Law. Let’s remember there is only one way to eat an elephant: one bite at a time!

In order to successfully implement a Law 25 compliance project, a multi-disciplinary approach must be taken. Indeed, the team responsible for the initiative should be composed of experts with legal skills, data science skills and cybersecurity skills. Videns, with its vast expertise in data science, is the expert of choice to support you in this aspect of your compliance.

When approaching a compliance project, it is not always obvious what the short-term value is or how to measure the real return on investment. The table below provides examples of tangible benefits for all types of organizations taking concrete actions to comply with some of the obligations under Law 25.

 
 

*PIA : Privacy impact assessment


Some actions are more explicit than others. The important thing is to develop a roadmap to plan for the implementation of initiatives that will enable compliance with the various elements of the Law. Let’s remember there is only one way to eat an elephant: one bite at a time!

In order to successfully implement a Law 25 compliance project, a multi-disciplinary approach must be taken. Indeed, the team responsible for the initiative should be composed of experts with legal skills, data science skills and cybersecurity skills. Videns, with its vast expertise in data science, is the expert of choice to support you in this aspect of your compliance.

When approaching a compliance project, it is not always obvious what the short-term value is or how to measure the real return on investment. The table below provides examples of tangible benefits for all types of organizations taking concrete actions to comply with some of the obligations under Law 25.


Get in touch with us by clicking on this link!