Law 25 readiness assessment
In a few minutes, gauge your compliance with Quebec's personal information protection law, and leave with your priorities.
≈ 5 minutes · no sign-up
Law 25 applies to any organization that handles personal information in Quebec. Answer the 18 statements below honestly: everything is computed in your browser, and no answer is stored or sent.
Answer each statement based on your real situation. Your score and priorities appear instantly in your browser. Nothing is sent anywhere.
1.Governance and accountability
2.Consent and transparency
3.Individual rights
4.Confidentiality incidents
5.Privacy impact assessments & transfers
6.Security and lifecycle
Answer every statement to reveal your score.
FAQ
What is Law 25?
Law 25 (formerly Bill 64) modernizes the protection of personal information in Quebec, across the private and public sectors. It requires, among other things, a person in charge of personal information protection, confidentiality incident management, privacy impact assessments and new rights for individuals.
Who is subject to it?
Any enterprise carrying on activities in Quebec that collects, holds, uses or communicates personal information, regardless of its size or sector.
What are the key deadlines?
Obligations came into force in stages: September 2022 (privacy officer, incident reporting), September 2023 (most obligations: consent, PIA, transparency) and September 2024 (right to data portability).
What are the penalties for non-compliance?
Administrative monetary penalties can reach CA$10M or 2% of worldwide turnover, and penal fines CA$25M or 4% of worldwide turnover, whichever is higher.
Does this assessment replace legal advice?
No. This self-assessment is an indicative tool to gauge your maturity and prioritize your actions. It does not constitute legal advice; validate your compliance with a qualified advisor.