Law 25 : Victoire complies

Law 25 : Victoire complies

Why is Victoire prioritizing compliance with Law 25? 

Victoire is pivotal in supporting clients with their online ventures, offering a suite of services, including programming, website management, and social media community management. These services are vital for our clients to access essential information about their businesses. 

It's common for businesses to seek guidance from their web and social media service providers regarding Law 25's provisions and their impact on their operations. Victoire has dedicated time and resources to ensuring compliance with Law 25, aiming to provide comprehensive guidance to its clients. 

What was the origin of Law 25? 

Law 25 in Quebec draws inspiration from the General Data Protection Regulation (GDPR) of the European Union, which was implemented in 2016. The GDPR aims to bolster personal data protection by establishing responsibilities for companies that collect such data. 

Law 25 primarily amends the "protection of personal information" aspect of both the Act respecting access to documents held by public bodies and the protection of personal information and the Act respecting the protection of personal information in the private sector. 

For more details on Law 25's new provisions, effective September 22, 2022, please refer to the announcement (FR) published by the Secretariat for Democratic Institutions Reform, Access to Information, and Secularism. 

Is compliance with this law a significant undertaking? 

Absolutely. While integrating a cookie management module might seem like a minor change, the process leading up to this integration is notably intricate. Victoire's cybersecurity committee ultimately invested more time and resources in governance, human resource management, and access to our paper documents than in upgrading our client communication tools. This latter part is the small visible aspect that makes the significant compliance work accessible! 

In summary, by September 2023, Victoire has achieved the following milestones: 

  • Acquired thorough knowledge and understanding of the law's provisions, delegating explicit authority to Victoire's cybersecurity committee since September 2022. 
  • Identified all personal information collected on our website and internal tools. 
  • Developed an incident management plan for potential data breaches. 
  • Established a clear, readable, publicly available privacy policy crafted by competent professionals (special thanks to Verreau Dufresne Avocats). 
  • Enabled the collection of personal information with visitor or client consent. 
  • Set parameters for the retention of personal information. 
  • Conducted a Privacy Impact Assessment (PIA). 

For each critical step, Victoire has engaged legal resources (thanks again to Verreau Dufresne Avocats) to ensure full compliance with Law 25 within our company's specific context.