
Bill 64: Five challenges to avoid the consequences of non-compliance

Every challenge has a solution. Want to think ahead of the curve to evade disaster later? Here are five key challenges (and their solutions!) to help you avoid the ramifications of non-compliance with Bill 64.

Let nothing stand in your way… to Bill 64 compliance.


Challenge 1: DATA

Under Bill 64, if you are not meeting the new requirements, you could be fined up to $25M, or 4% of the previous year’s worldwide turnover. Making an inventory of the information your business collects, processes and stores is essential.

Ask yourself: What type of personal data is collected by your business? Where and how is personal data stored?

Solution: Developing and implementing sustainable action plans and roadmaps.

Challenge 2: GOVERNANCE

Governance is key to meeting Bill 64 requirements. By default, the person with the highest authority within the organization would be responsible for ensuring that the organization implements and complies with the Act, once it’s passed.

Ask yourself: Who will be responsible for ensuring that all requirements are met? Do you have the necessary team and governance structure to meet Bill 64 requirements?

Solution: Creating a position or delegating this responsibility to an existing Chief Privacy Officer. Ensuring you have the necessary team and governance structure to meet Bill 64 requirements.

Challenge 3: REQUIREMENTS

Bill 64 will apply to any business that has a digital presence in Quebec. Understanding the requirements and how they will impact your day-to-day operations is essential to avoiding huge fines and penalties – not to mention damage to your business’s reputation.

Ask yourself: Do you have the legal acumen to assess the requirements? Are your internal controls effective?

Solution: Creating a diagnostic of your internal controls and developing a risk register of the risks surrounding data privacy.

Challenge 4: AWARENESS

Bill 64 will impact how businesses collect and store the personal data of their customers, clients, employees, etc. This extends to your employees – are they being careful with the data your business collects and manages? Do they understand the repercussions if they don’t?

Ask yourself: Do you have personal data protection policies? Are your employees aware of data protection best practices? Do they make every effort to protect this data on a daily basis?

Solution: Creating personal data protection policies. Ensuring your employees follow best practices in terms of data protection; implementing an operational plan for compliance and proper training annually.

Challenge 5: MONITORING

Compliance is an ongoing process. Having effective roadmaps and action plans is essential to making sure that your business meets all Bill 64 requirements.

Ask yourself: Is your action plan working? What mitigation measures should be put in place if the plan doesn’t work?

Solution: Monitoring the implementation of action plans and roadmaps to ensure everything is covered and secure.

No matter the challenge, Richter can help find the right solution.


Looking for more information? Head to the Bill 64 main resource page.

Meet our experts

The people behind the expertise.

Yves Nadeau

FCPA, FCA auditor, CRMA, CFE, CICA
An expert advisor recognized by boards of directors, audit committees and senior management, Yves advises his clients on strategic planning, corporate governance, risk management and internal auditing.

Massimo Cecere

CPA, CA, CRMA
Massimo is an expert advisor in business strategy, risk management, governance, CFO advisory and internal audit.

Mehdi Aboulfaraj

CISSP, VCP, ing.
As a Vice-President at Richter, Mehdi oversees the implementation of cybersecurity solutions.

Raymond Vankrimpen

CISA, CISM, CISSP, CRISC
Ray Vankrimpen genuinely enjoys delivering his boutique brand of consulting, implementation and audit expertise in the areas of cybersecurity, privacy, IT risk management and data quality.

David Lachmansingh

CISA, CISSP, CRISC, Splunk Certified Administrator
David is passionate about making sure his clients succeed. An inveterate enthusiast, he helps his clients become more innovative and effective in their operations by evaluating and adopting the right cutting edge technologies to meet their needs.

David Greenham

CISSP, CCSP, CISM, CISA, QSA, SABSA SCF, ISO 27001 Lead Auditor
David Greenham’s commitment to delivering quality work and providing excellence in service is unmatched. With quiet dedication he ensures his clients are cared for and always goes the extra mile to help his colleagues find success.

Will Xiang

CPA, CA, CITP, CAMS
Your business, culture, and problems are unique. Therefore, solutions rarely take the form of a one-size-fits-all package. Will prides himself in bringing the proper industry-leading risk management solution to fit your specific short term needs and strategic goals.
