Law 25 (formerly Bill 64): Five challenges to avoid the consequences of non-compliance

Every challenge has a solution. Want to think ahead of the curve to evade disaster later? Here are five key challenges (and their solutions!) to help you avoid the ramifications of non-compliance to Law 25 (formerly Bill 64).

Let nothing stand in your way… to Law 25 (formerly Bill 64) compliance. Every challenge has a solution. Want to think ahead of the curve to evade disaster later? Here are five key challenges (and their solutions!) to help you avoid the ramifications of non-compliance to Law 25 (formerly Bill 64).

Bill 64 - Challenges; Data; Governance; requirements; awareness; monitoring; questions to ask yourself; solution

Challenge 1: DATA

Under Law 25 (formerly Bill 64), if you are not meeting the new requirements, you could be fined up to $25M, or 4% of the previous year’s worldwide turnover. Making an inventory of the information your business collects, processes and stores is essential.

Ask yourself: What type of personal data is collected by your business? Where and how is personal data stored?

Solution: Developing and implementing sustainable action plans and roadmaps.

Challenge 2: GOVERNANCE

Governance is key to meeting Law 25 (formerly Bill 64) requirements. By default, the person with the highest authority within the organization would be responsible for ensuring that the organization implements and complies with the Act, once it’s passed.

Ask yourself: Who will be responsible for ensuring that all requirements are met? Do you have the necessary team and governance structure to meet Law 25 (formerly Bill 64) requirements?

Solution: Creating a position or delegating this responsibility to an existing Chief Privacy Officer. Ensuring you have the necessary team and governance structure to meet Law 25 (formerly Bill 64) requirements.

Challenge 3: REQUIREMENTS

Law 25 (formerly Bill 64) applies to any business that has a digital presence in Quebec. Understanding the requirements and how they will impact your day-to-day operation is essential in avoiding huge fines and penalties – not to mention damage to your business’s reputation.

Ask yourself: Do you have the legal acumen to assess the requirements? Are your internal controls effective?

Solution: Creating a diagnostic of your internal controls and developing a risk register of the risks surrounding data privacy.

Challenge 4: AWARENESS

Law 25 (formerly Bill 64) impacts how businesses collect and store the personal data of their customers, clients, employees, etc. This extends to your employees – are they being careful with the data your business collects and manages? Do they understand the repercussions
if they don’t?

Ask yourself: Do you have personal data protection policies? Are your employees aware of data protection best practices? Do they make every effort to protect this data on a daily basis?

Solution: Creating personal data protection policies. Ensuring your employees follow best practices in terms of data protection; implementing an operational plan for compliance and proper training annually.

Challenge 5: MONITORING

Compliance is an ongoing process. Having effective roadmaps and action plans is essential to making sure that your business meets all Law 25 (formerly Bill 64) requirements.

Ask yourself: Is your action plan working? What mitigation measures should be put in place if the plan doesn’t work?

Solution: Monitoring the implementation of action plans and roadmap to ensure everything is covered and secure.

No matter the challenge, Richter can help find the right solution.

Looking for more information? Head to the Law 25 (formerly Bill 64) main resource page.