Guidance and training services
Why choose our Loi 25 compliance support services
Loi 25 – Personal data management service
You’ve been hearing about this provincial privacy law for over a year now, but you may not have the time or resources within your organization to address it. That’s why Rhesus has developed a personal data management service.
What does our personal data management service consist of?
This service has been developed to meet the specific needs of our clients. We offer comprehensive and tailored training to raise awareness among businesses about the requirements of Loi 25 and to provide them with the necessary tools to implement it. Working closely with your staff, we will assess your current personal data management practices, identify gaps, and recommend appropriate corrective measures.
Our Loi 25 compliance support service in 4 simple steps
PHASE 1 TRAINING AND OBSERVATION
This first step involves designating individuals within the company who will collaborate with the Rhesus team on this compliance project. These key individuals will be trained to become internal resources for Loi 25.PHASE 2 ANALYSIS + MATCH PLAN
Secondly, an in-depth analysis will be conducted to dissect current processes by identifying physical and digital security gaps to be filled.PHASE 3 IMPLEMENTATION OF PROCESSES
During this phase, the various registers will be set up as well as the reporting processes for each of them.PHASE 4 POLICY REVIEW
Often conducted in parallel with Phase 3 to meet the requirements of Loi 25, we will determine external and internal confidentiality policies and publicize them.Loi 25 in summary
Loi 25, also known as the “Act respecting the protection of personal information in the private sector,” is legislation aimed at protecting the rights of individuals with respect to the collection, use, and disclosure of their personal information by organizations. With significant implications in terms of liability and compliance, it is essential that your organization comply to avoid potential negative consequences.
THE IMPLEMENTATION OF LOI 25
The implementation of Law 25 is divided into 3 key stages where various provisions must be put in place. Here’s a brief summary:
SEPTEMBER 2022
- Identify a resource person responsible for personal information protection.
- Develop policies and practices governing personal information governance.
- Create a register of confidentiality incidents and a notification process.
- Conduct an inventory of storage spaces and personal information within the organization.
- Implement a training program on personal information protection.
SEPTEMBER 2023
- Update policies and practices governing the data lifecycle: retention, destruction, and anonymization of personal information
- Develop a process for handling complaints related to personal information protection
- Make public the key elements of governance regarding personal information protection
- Develop a policy and process for privacy impact assessments in the processing of personal information
- Develop a consent collection process for collecting, holding, using, or communicating personal information
- Implement a de-indexing process
SEPTEMBER 2024
Implement measures to facilitate the right to data portability. If an individual requests access to their data, they must be able to access it in a simple and understandable format.
I want information about Law 25
Contact us today to learn more about our personal data management service and to schedule a free consultation. Together, we can ensure that your organization is well-prepared to meet the challenges of personal information protection under Law 25.Contact Us
ten.susehr@52iol
IT Strategies
