FR
Contact us
Contact us

Introduction to Act 25

Act 25, or the Privacy Act, was adopted to strengthen the security of personal data held by the Quebec population. In the context of rapidly evolving technologies and growing privacy concerns, this act imposes stricter standards for businesses’ collection, use, and sharing of personal information.

Since coming into effect on September 22, 2022, Act 25 requires public or private organizations to manage data responsibly while respecting individuals’ rights over their information.

The 3 phases of Act 25

Phase 1

Start‑up—September 22, 2022

  • Designate a person in charge of the protection of personal information.
  • Make an inventory of the data collected.
  • Maintain an incident log to document data security events.
Phase 2

Enhanced transparency—September 22, 2023

  • Privacy policies must be clearly accessible on websites.
  • Implement mechanisms to obtain consent for data collection (cookies, geolocation, etc.).
  • Establish contracts with suppliers guaranteeing compliance with Act 25.
Phase 3

Access and management—September 22, 2024

  • Implement a policy enabling individuals to consult, update or request the deletion of their personal information held by the company, with a processing time of less than 30 days.
  • Reinforcement of security measures to protect data in transit.

Understand your obligations and prepare effectively

Meet our Act 25 experts

  • Soleïca Monnier—Lawyer at Fasken
    As a specialist in data protection law, Soleïca assists numerous companies in their compliance with Act 25 and closely follows regulatory developments. She is a legal expert in the field, bringing an essential perspective on legal obligations and citizens’ rights.
  • Patrick Bélanger — Vice‑President of Innovation and Compliance at Nmédia
    Patrick has extensive experience in business strategy and compliance. He plays a key role in developing solutions to ensure Nmédia’s compliance with Act 25 and ensures that these requirements are integrated into the company’s innovation and development objectives.
  • Stéphane Lépine — Senior Director of Technology and Security at Nmédia
    As a cybersecurity and data management expert, Stéphane implements the technical measures required to protect personal information.

Register for the webinar

Webinar agenda

  • Introduction  
    Presentation of the issues and objectives of Act 25.
  • New obligations for companies  
    Focus on appointing a data protection officer, privacy impact assessments, and management of privacy settings.
  • New rights for citizens  
    Analysis of data portability rights, the right to digital oblivion, and access and rectification rights.
  • Sanctions and enforcement  
    Explanation of potential sanctions, fines and the powers of the Commission d’accès à l’information (CAI).
  • Practical tips for compliance  
    A step‑by‑step guide to getting started on compliance, with tips on how to avoid common mistakes.
  • Question‑and‑answer segment  
    Open discussion with participants to answer any questions about Act 25.
  • Register for the webinar

Do you have a project in mind that goes beyond Act 25 compliance?

We’d be delighted to discuss your data protection and digital project needs.

Write to us Our projects

Un Nmédien discute avec un autre dans son bureau chez Nmédia
Discover job offers