Richter’s Checklist to Law 25 (formerly Bill 64) Compliance

Nothing says we are about to embark on a project quite like a detailed checklist[1]. Understanding each step is essential to ensuring you don’t miss anything and that you limit your risk of incurring possible penalties.

Diagnosis and planning - icon

Diagnosis and planning

  • Understand the new requirements that will apply to your business.
  • Perform an audit to understand how your business stores and processes information and which third parties have access.
  • Create an effective roadmap and action plan to ensure full Law 25 (formerly Bill 64) compliance.
  • Create personal data protection policies.

Implementing - icon


  • Designate a Chief Privacy Officer responsible for ensuring Law 25 (formerly Bill 64) compliance (if not, this responsibility automatically falls to the CEO)
  • Create written agreements to ensure all third parties have adequate measures for personal data protection.
  • Keep customers informed of the types and by how personal data is collected.
  • Update your internal controls to comply with Law 25 (formerly Bill 64). So your customers:
    • Can request and receive information pertaining to their data;
    • Can easily request what type of personal data has been collected;
    • Can choose to have their personal data deleted; and
    • Can object to automated decision-making.

Monitoring - icon


  • Train your employees to follow best practices for data protection.
  • Monitor each step of your implementation action plan to ensure everything is covered and secure.
  • Conduct a privacy impact analysis with each new project.

Have you checked off all the items on the list? Our Richter professionals can help ensure your journey towards Law 25 (formerly Bill 64) compliance is managed seamlessly. Our multidisciplinary professionals work closely with your management team, going through every step of every process. We identify the best roadmap to compliance for your business and assist you through the implementation and monitoring processes.

The list should not be considered comprehensive compliance advice. Due to the complex nature of these new regulations, readers are urged to seek out their Richter professionals to get comprehensive compliance advice.

Looking for more information? Head to the Law 25 (formerly Bill 64) main resource page.

[1] Inspired by GDPR checklist for data controllers.