Preparing for the Implementation of Law 25

Law 25 or “An Act to modernize legislative provisions as regards the protection of personal information” will come into force gradually over the next three years. The first deadline to comply is September 22, 2022. It’s coming… Are you ready? Here is a summary of the requirements required by this law as of this year.
Josyanne Cloutier
16 June 2022
Law 25
4 min
se conformer a la loi

Law 25 (Bill 64) or “An Act to modernize legislative provisions as regards the protection of personal information” will come into force gradually over the next three years. The first deadline to comply is September 22, 2022. It’s coming… Are you ready? Here is a summary of the requirements required by this law as of this year.

First bonds from September 2022

Quebec is one of the first provinces in Canada to undertake a reform of its laws on access and protection of personal information. Law 25, officially named An Act to modernize legislative provisions as regards the protection of personal information was adopted by the National Assembly of Quebec on September 22, 2021 (LQ 2021, c 25), in order to significantly modify the following laws:

  • Act respecting access to documents held by public bodies and the protection of personal information (1982);
  • Act respecting the protection of personal information in the private sector (1993).

Based on the European Data Protection Regulation (GDPR), Law 25 brings the most ambitious changes in North America in terms of data protection. This legislative transformation will affect all companies that interact with Quebec residents, even if their head office is outside Quebec.

Its main objectives are:

  • improve the protection of personal information and respect for privacy,
  • provide recourse in the event of non-compliance with regulations by organizations.

This law will create many obligations and will change the way we manage our applications. Its repercussions are significant and will require adaptations.

Get ready for your compliance

The provisions that come into force on September 22, 2022 are :

  • The appointment of a person in charge of the protection of personal information, called Data Protection Officer (DPO). By default, this function is carried out by the most senior manager. This role can be delegated to another internal person or to an external resource.
  • The contact details and name of the manager must be communicated to the Commission d’accès à l’information du Québec (CAIQ), and be published on the company’s website.
  • The creation and maintenance of a register of confidentiality incidents to be transmitted to the CAIQ in the event of an incident. All victims of an incident must also be notified.
  • The establishment of a management committee to ensure compliance with the Act is required for public bodies only.

Dialog Insight complies with the requirements of Law 25

At Dialog Insight, we have revised the functionalities of our platform, so that they meet the requirements of Law 25. For several years, we have been implementing advanced functionalities and protocols for data protection and continue to be at the forefront to better serve and protect our customers. Rest assured that your data is kept in Quebec and that, under no circumstances, we will share it with a third party without authorization.

To demonstrate this commitment, Dialog Insight holds ISO 27001 certification, an international standard for information security. This standard provides a framework for an information security management system (ISMS) that enables the maintenance of confidentiality, integrity and availability of information, as well as legal compliance.

We also perform SOC II Type 2 audits annually to validate our controls in place and their effectiveness.

For more details on the security measures we have in place, do not hesitate to consult our security page.

Dialog Insight helps you comply

Dialog Insight can help you comply with new regulations in time to avoid any possible sanctions related to the use of our platform.

For our users, we will support you in implementing the new measures gradually.

As a Dialog Insight customer, we will ask you to provide us with the name and contact details of your DPO shortly.

Other articles will be published regularly to help you take the necessary measures to comply with the regulations.

In the meantime, if you have any questions, please do not hesitate to contact us.

Law 25, what to remember:

The first requirements of Law 25 on data protection and privacy will come into force on September 22, 2022. The next deadlines are more complex. To support you, Dialog Insight will provide you with tools to help you better understand the changes your company will need to make in order to be compliant and avoid any sanctions. We will also publish a compliance guide under Law 25 which will include the requirements that will apply in September 2023 and 2024. Be on the lookout!

Don’t miss any news. Sign up now to receive our new articles by email by clicking here.

These articles do not represent legal advice. You should consult your legal advisors for an opinion regarding Law 25 or its implication.

Find out how your company can benefit from Dialog Insight.

Read also

Blog, 25 years

25 Years of Innovation: How Dialog Insight Continues to Ride the Wave of Emerging Technologies

Discover the key innovations that have shaped Dialog Insight's success and its SaaS relationship marketing platform since 1999, and explore the emerging trends that will transform marketing over the next 25 years.

Blog

The Strategic Importance of the CSM in Customer Satisfaction and Growth at Dialog Insight

Discover the strategic importance of Customer Success Managers (CSM) at Dialog Insight, key partners in customer satisfaction, growth, and ROI optimization through effective and personalized marketing solutions.

Analytics

15 marketing automation KPIs to measure your marketing automation

It's all well and good to do marketing automation, but if you do it without analyzing the results, it's hard to distinguish what works from what does not work.

Personalization

7 foolproof steps to build a personalization strategy that pays off

“Personalization is too difficult!” This is something you must have heard many times. But is it really that complicated? In truth, it all depends of what you already have and what you want to do.

Data Management

Better results with smart segmentation

Deviding your list to make a mailing is important. This ensures that the content presented to recipients is relevant to them. But do you know all the ways to segment your list?

Omni-Channel Marketing Campaign

How to Create Effective Mobile Push Notifications To Engage Your Audience

Mobile push notifications have become a powerful tool for businesses to engage with their target audience. They are an effective way to reach out to customers and keep them informed about the latest news, updates, and promotions. With an open rate ranging between 30 and 60%, this is the most effective method of communication.