Quebec Law 25

What is Quebec Law 25?


Quebec Law 25, also known as an act to modernize legislative provisions regarding the protection of personal information, is a comprehensive set of regulations that significantly strengthens privacy protections for individuals residing in Quebec and imposes new responsibilities on organizations handling their personal data.

It applies to Quebec companies and companies processing Quebec residents’ personal data; as a result, even foreign companies need to comply with it.

The former Quebec data protection law was aligned with PIPEDA, but this one goes a step further and gets closer to the EU’s GDPR. Most notably, Quebec Law 25 requires companies to conduct data protection assessments for risky activities and safeguard their data properly with proactive measures to prevent data breaches.


MergeBase and Quebec Law 25


We are a Canadian company based in British Columbia, which means that Quebec legislation does not apply to us unless we process the personal information of Quebec residents. Whenever we process Quebecois data, we fully comply with the law.

Quebec Law 25 is very similar to the PIPEDA and the GDPR. We are already compliant with these two laws, making it easy for us to comply with the Quebec privacy law simultaneously.


How Can MergeBase Help You Comply with the Quebec Law 25?


Quebec Law 25 requires companies to implement thorough data security measures to safeguard personal data, just like PIPEDA does. MergeBase’s services are crafted to mitigate the risks of cyberattacks and data breaches, aligning with Quebec Law 25’s focus on proactive data security actions.

Moreover, MergeBase is well-prepared to handle any security-related inquiries you may have, be it during Data Protection Impact Assessments or while addressing requests from data subjects.