GEM-CAR FAQ
Obligations and Responsibilities Regarding the Protection of Personal Information (Law 25)
In Quebec, the Act to modernize legislative provisions regarding the protection of personal information introduced several significant changes to the Private Sector Privacy Act. These changes are being implemented progressively in September 2022, 2023, and 2024, and impose new responsibilities on businesses.
Main Obligations:
**Starting from September 22, 2022**:
- Designate a person responsible for the protection of personal information and publish their contact details.
- Take measures in the event of a privacy incident, notify authorities, and keep a register of incidents.
**Starting from September 22, 2023**:
- Adopt governance policies on the management of personal information.
- Conduct Privacy Impact Assessments (PIAs) for certain data communications.
- Comply with new rules regarding the collection, use, and disclosure of personal information, including without consent, and privacy for minors.
**Starting from September 22, 2024**:
- Respond to requests for the portability of personal information.
Actionable Steps:
Companies must designate a competent data protection officer, inventory the personal information they hold, and establish practices for managing privacy incidents. They must also adopt detailed governance policies, monitor the implementation of protection measures, and prepare to respond to data portability requests by 2024.
In summary, compliance with this law requires careful planning, staff training, and updating of IT systems to meet new data protection obligations.
Posted 2 months agoby Nadine Toutant
#191331 viewsEdited 1 month ago