Frequently Asked Questions
Everything you need to know about our Law 25 compliance services
What is Law 25 and why do I need to comply?
Law 25 is Quebec’s Act to modernize legislative provisions respecting the protection of personal information. It imposes strict obligations on businesses that collect, use, or disclose personal information. Non-compliant companies face penalties of up to $25 million or 4% of global revenue. Any Quebec business collecting customer data (emails, purchases, analytics) must comply.
What does the DPO (Data Protection Officer) service include?
We act as your designated Data Protection Officer. This means we manage all your privacy obligations: processing access and deletion requests, handling complaints, communications with the Commission d’accès à l’information (CAI), maintaining processing registries, and advising on compliance matters. You don’t need to hire an in-house expert.
How long does it take to become compliant?
Most of our clients are protected within 24 hours. The process includes a 2-hour initial consultation to assess your practices, followed by immediate deployment of your privacy policies, terms of service, and request management systems. We also activate our DPO services from day one.
What happens when a customer makes an access or deletion request?
Requests are routed directly to our team. We process them in compliance with legal timelines (typically 30 days), manage all required documentation, and communicate with your customers. You are informed and we coordinate with you to obtain necessary data, but we handle all communication and compliance aspects.
How do you handle customer privacy complaints?
Our team receives and processes all privacy-related complaints. We investigate the situation, communicate with the customer to resolve the issue, and document everything in accordance with regulatory requirements. If a complaint is filed with the CAI, we manage the official response and liaise with authorities. This protects your reputation and ensures professional resolution.
What is included in the policies you deploy?
We create and deploy customized policies including: Law 25-compliant privacy policy, terms of service, cookie notice, consent forms, and data processing registry. All policies are tailored to your specific business practices and written in clear language as required by law.
Do I need technical knowledge to use your service?
No. We handle all technical aspects of deployment. You only need to participate in the initial consultation to explain your business practices. We take care of website integration, request management system configuration, and all ongoing technical maintenance.
What happens if Law 25 changes?
We continuously monitor legislative and regulatory changes. When changes occur, we automatically update your policies and procedures to maintain compliance. You are informed of significant changes, but you don’t need to take any action – we handle everything.
Is this service right for my business?
Our service is ideal for Quebec SMBs that collect customer data (emails, purchases, analytics) and don’t have dedicated legal or compliance resources. It suits businesses with standard operations. If you process highly regulated sensitive data (medical records, detailed financial data) or have very complex processing operations, you may require additional legal services.
Can I cancel at any time?
Yes. There is no long-term contract and you can cancel at any time. We recommend 30 days notice to ensure a smooth transition of your compliance responsibilities. We will provide you with all necessary documentation and procedures to maintain your compliance after departure.
What happens in case of a data breach?
In the event of a breach, we guide you through all required steps: assessing severity, determining notification obligations, preparing communications to affected individuals, notifying the CAI if necessary, and documenting the incident. We handle the compliance aspects while you focus on technical resolution.
Will I still need to consult a lawyer?
Our service covers standard compliance needs for SMBs. For complex situations, litigation, unusual processing operations, or significant strategic legal questions, we recommend consulting a specialized attorney. We work collaboratively with your legal counsel when necessary.
How do I get started?
Contact us to schedule your 2-hour initial consultation. During this session, we will assess your needs, explain the process in detail, and can begin deployment immediately. Most of our clients are operational and protected within 24 hours of the consultation.