Does Act 25 apply to your company?
The Act to modernize legislative provisions respecting the protection of personal information (Act 25) applies to any company that has a digital presence or manages personal information in Quebec.
It changes the way you collect and store the personal data of your customers and employees.
The purpose of Act 25 is to protect privacy and ensure that appropriate security measures are in place.
What types of sanctions can be imposed for non-compliance?
- Administrative and pecuniary: up to $10M or 2% of worldwide revenue.
- Criminal: up to $25M or 4% of worldwide revenue.
- Individuals: private right of action for punitive damages, including class action suits.
What obligations must be in place?
All requirements must be in place by September 22, 2024, including the right to be forgotten and data portability.
Summary of obligations under Act 25
How to address obligations and meet deadlines?
Secur01 has the compliance expertise, cybersecurity competence and experience of multiple Act 25 compliance mandates for clients of all sizes and industries.
- Need advice on how to orient yourself to the requirements of Act 25 and ensure rapid compliance?
- Would you like to acquire a toolkit of generic documents to help you comply with Act 25?
- Would you like the support of compliance and cybersecurity experts throughout the process?
- You need to focus on your operations and don’t have the time to take care of compliance on time?
- Would you like a team of experts to take full charge of IT compliance and data protection in managed mode?
Contact us to ensure your compliance, increase your cyber resilience, reduce your risks and optimize your costs.
