Law 25

Keeping personal information safe

Since Law 25 was phased in, organizations have had to strengthen their practices for handling, retaining and securing personal information. Law 25 imposes specific requirements for governance and concrete measures to ensure the confidentiality of sensitive data.

• Data mapping
• Consent form reviews
• Obtaining explicit consent
• Transparency and communication
• Staff training
• Transforming internal processes

Ensuring legal compliance: A must

Law 25 applies to any information that can be used to identify an individual, whether directly or through cross-referencing. The entire data lifecycle must be structured to comply with this law: consent, collection, use, retention, access and destruction.

Our team can help you make sure your practices are aligned with the law, including:

• Mapping information flows that contain personal data
• Establishing or updating internal policies (confidentiality, retention, incident management)
• Structuring access by role, with traceability
• Applying clear retention periods, supported by a compliant schedule
• Having incident management protocols for detection, documentation, reporting and follow-up

Enhancing security and creating a culture of privacy

We strive to not only strengthen your security mechanisms, but also reinforce your teams’ commitments to security. By providing targeted training, clear internal tools and strategic guidance, we can help you integrate compliance into your day-to-day processes.

An approach that’s right for you

No matter what kind of organization you have, we leverage our expertise to tailor our recommendations to your specific structure, tools and requirements and deliver reliable, responsive and thoroughly documented support.

Work for a municipal government? This post is for you! (French only)