Cybersecurity and Act 25: get ready!
In the context of information globalization and the explosion of cyber risk, the entry into force of the General Data Protection Regulation (GDPR) in the European Union in 2018 disrupted the approach to cybersecurity of public and private operators. Individuals’ rights were strengthened through better management of personal data, and operators’ liability was increased with dissuasive financial penalties in case of failure.
As the GDPR also applies to European data shared with the rest of the world, countries such as Canada had to adjust. Quebec is a pioneer in this respect: on September 21, 2021, it adopted the Act to modernize legislative provisions as regards the protection of personal information, or “Act 25”.
This law applies to all Quebec organizations that handle personal information and strengthens, among other things:
The management of personal information, from collection to end of life;
The protection of personal information by imposing the implementation of policies and technical means within companies, and even with their partners (cloud computing, subcontractors, etc.);
The responsibility of organizations by expressly designating the most senior official as the guarantor of the protection of personal information and by providing for significant financial penalties.
Act 25 applies to all businesses and public bodies in Quebec and therefore requires the implementation of a series of measures to ensure compliance with the obligations stipulated by the law.
"The financial, legal and reputational risks to which organizations are exposed require that measures be taken to comply without delay."
ESI Technologies can work with you now to conduct a compliance assessment of your organization with respect to this new regulation. Based on the gaps identified, we can then propose a standard or “à la carte” offer of our cybersecurity products and services and establish with you a 2-year deployment strategy to meet the deadlines.
From drafting your privacy policies to implementing technical solutions to protect your network, Bill 64 is a real opportunity to build or strengthen your cybersecurity strategy.
Cyber risks are not inevitable. Let’s be ready together.
Arnaud Tésorière
Senior Cybersecurity and Compliance Consultant