π
Basics
Law 25 in plain language for Quebec SMBs
History, goals, who is covered: in plain language for a business owner.
Read article β
πͺ
Basics
SMBs and nonprofits: Law 25 applies to you too
Small business, sole proprietor, or nonprofit: a starter mini-checklist.
Read article β
π
Timeline
Key steps 2022, 2023 and 2024
Obligations by phase and what is in force today.
Read article β
β
Diagnostic
Express checklist: am I minimally compliant?
15 yes/no questions for a first self-assessment in a few minutes.
Read article β
πΊοΈ
Roadmap
Law 25 action plan in 7 steps for an SMB
Roadmap, minimum documents, and priorities when time and budget are tight.
Read article β
π€
Governance
Privacy officer responsibilities under Law 25
Designation, published contact details, key tasks, and practical habits for the role.
Read article β
π
Governance
Governance: building the right policies
Internal vs public policy, minimum content, and updates without overload.
Read article β
π
Rights
Individual rights: what your customers can request
Access, rectification, withdrawal of consent, portability: intake and deadlines.
Read article β
βοΈ
Consent
Consent: what really changes
Clear, informed consent, typical forms, and rules for children under 14.
Read article β
π€
Rights
Portability and the right to be forgotten
Data export, cessation of dissemination, de-indexing, and technical impacts.
Read article β
π
Settings
Privacy by default in your tools
Website, CRM, HR: SaaS settings and documenting your choices.
Read article β
β»οΈ
Data
Data lifecycle
Collection, retention, and destruction: customers, employees, and HR applications.
Read article β
π₯
HR
Privacy and human resources
Employee files, hiring, monitoring, and everyday HR tools.
Read article β
βοΈ
Sanctions
Financial sanctions: what you really risk
Administrative and penal sanctions, common gaps, and cash-flow impact for an SMB.
Read article β
π¨
Incidents
Managing a privacy incident: emergency procedure
From discovery to CAI notification: internal procedure and incident log for SMBs.
Read article β
π
Culture
Employee training: weak link or Law 25 shield
Minimum topics, frequency, onboarding, and measuring awareness effectiveness.
Read article β
π€
Contracts
Vendors and suppliers: essential clauses
Guarantees, security, data location, and incident notification in IT and marketing contracts.
Read article β
π
Policy
Law 25 privacy policy template for SMBs
Useful sections for an SMB, transparency, privacy officer, and common public-site mistakes.
Read article β
π
Web & marketing
Web privacy policy compliant with Law 25
Must-haves for the site, forms, cookies, and analytics tools.
Read article β
πͺ
Cookies & consent
Law 25 cookie banner: what the CAI expects
Consent, equivalent refusal, non-essential trackers, and controls Quebec organizations should apply.
Read article β
π
PIA / EFVP
PIA under Law 25: when and how
Privacy impact assessment (EFVP): triggers, steps, documentation, and digital projects.
Read article β
πͺπΊ
Comparison
Law 25 vs GDPR: differences and similarities
What overlaps, what is Quebec-specific, and how to close gaps if you already follow GDPR.
Read article β