Law 25 applies to any organization, public or private, based in Quebec or not, that handles the personal information of Quebec residents. That broad scope means thousands of Canadian and international businesses must meet its requirements, including mandatory appointment of a Privacy Officer, robust consent mechanisms, documented Privacy Impact Assessments (PIAs), and enforceable data subject rights.
DPO Consulting delivers structured, practical law 25 privacy compliance programs built for organizations at every stage of their compliance journey.