That’s it! The second deadline of September 22, 2023 has passed! But are you compliant? How do you go about it? What are the implications for businesses if you’re not? And above all, how do you get there? So many questions! Follow us as we try to shed some light on the new measures and what they mean for you and your business.
Part 1: Understanding Bill 25 and its implications for your business
1. Introduction to Bill 25
Background and context
Bill 25 was passed with the aim of strengthening the protection of personal data and making companies more accountable for how they manage it. It is part of a legislative evolution that has emerged alongside similar regulations internationally, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States.
Objectives of Bill 25
The law has three main objectives:
- Personal data protection: Ensuring that individuals’ data is handled securely and confidentially.
- Corporate responsibility: Obliging companies to implement adequate security measures.
- Strengthening individuals’ rights: Giving people more control over their personal data.
2. Company obligations
Data Protection Officer
Every company must appoint a data protection officer. This position is crucial as it oversees all activities related to personal data management. The person in charge must have in-depth knowledge of data protection laws and be able to advise the company on best practices in this area.
Register of confidentiality incidents
It is imperative for companies to keep a register of confidentiality incidents. This register must record the nature of each incident, the steps taken to remedy it, and the people who were informed. In the event of a major incident, the relevant authorities must be informed as soon as possible. Download our register here.
Penalties and fines
Non-compliance with Bill 25 can result in severe penalties, including fines of up to several million dollars. It is therefore in every company’s interest to understand and comply with this legislation.
3. Benefits of an information governance program
A well-structured information governance program helps to clarify roles and responsibilities within the company. It also facilitates internal communication, which is essential for efficient data management.
Better data protection
Such a program also enables encryption and other security measures to be put in place, reducing the risk of confidentiality incidents.
Efficient incident response
Having an incident response plan in place and testing it regularly can make all the difference in the event of a data breach. This enables a rapid and effective response, minimizing damage.
4. Steps to create an effective program
The first step in creating an effective program is to carry out a complete inventory of the data held by the company. This includes not only customer data, but also employee and partner data.
Policies and practices
Once the inventory has been taken, the next step is to draw up privacy and security policies. These policies must be updated regularly to reflect changes in legislation or in the company’s environment.
Employee training and awareness
Last but not least, it’s crucial to train employees and raise their awareness of the importance of data protection. This can be done through workshops, online training or simulations.
Part 2: Impacts on your website and action to be taken
You’ve heard about Bill 25 and are determined to comply. The first step? Your website.
Why websites are affected
Websites often collect personal data, whether through forms, cookies or traffic analytics. This data is regulated by various laws, including Bill 25. It is therefore imperative for website owners to understand their legal responsibilities. The risks of security breaches are real and can lead to incidents such as:
- Data leakage: Inadequately secured databases can be compromised, exposing user information.
Data collection on non-transactional sites
Even if your website isn’t transactional, it’s highly likely that you’re collecting personal data. Tools such as Google Analytics, Tag Manager, ReCaptcha, Google Maps, PayPal and many others, as well as social networking and video integrations, often involve data collection. Even the WPML extension, very popular with companies that have bilingual websites, collects personal information about users, such as whether they are English- or French-speaking.
Action to be taken
To achieve compliance, a number of actions need to be taken:
- Install a cookie consent banner: This is not only good practice, but often a legal requirement.
- Appoint a person in charge: Someone within the company should be responsible for data management and incident tracking.
- Maintain an incident log: To track and document any data security incidents.
How to create an effective consent banner
A successful banner must be both visible and non-intrusive, while providing all the necessary information. For WordPress users, this often means installing an extension.
Our choice of extension: Complianz
Arcane Evolution has evaluated several options for complying with Bill 25. After testing various free and paid extensions, our choice fell on “Complianz”.
Why choose Complianz
When new regulations are introduced, companies seek to adapt quickly. Complianz offers a free version, but with limitations in terms of customization. Its paid version is affordable and comprehensive, and even includes an option specially designed for Quebec.
Would you like to become compliant?
Arcane Evolution offers you the opportunity to make your WordPress website compliant today by installing and configuring the “Complianz” extension on your website. Contact us today or purchase the service directly.
We take care of:
- Downloading and installing Complianz on your site
- Configuring the extension completely
- Creating your privacy and cookie policies
- Setting up your electronic register and handing it over to you
Everything’s in place and all you need is the register?
Download the register today!