Are you a business owner or marketing manager? You’ve probably heard of Law 25 in Quebec. But do you really know what it means for your website and your digital strategy?
We’ve prepared a brief guide to the implications and steps involved.
What is Law 25?
Law 25, officially called “An Act to modernize legislative provisions respecting the protection of personal information“, aims to strengthen the security of Quebecers’ data on the web. It establishes new responsibilities for businesses, particularly with regard to the collection, storage and use of personal information.
Why is this important to you?
Imagine your website as a physical store. Every visitor who enters leaves a footprint, whether it’s their name, age, e-mail address or shopping preferences. Law 25 ensures that these fingerprints are treated with the utmost care.
Summary of key steps to follow :
- Appointing a manager: Just as you would have a manager in-store to deal with customer queries, you need to appoint a person in charge of data protection on your website.
- Informed consent: Before collecting data, ask permission. It’s like asking a customer if they’d like to sign up for your in-store newsletter. This collection includes a pop-up and documentation/trace of the consent obtained when visiting your website.
- Right to be forgotten: If a customer no longer wishes to receive your newsletters, they must be able to unsubscribe easily. Similarly, visitors to your site should be able to remove their information from your web and internal databases.
- Preparing for 2024: The law is changing, and new rules will come into force in September 2024. It’s like having new safety standards in place for your industry. Be prepared!
Specific procedure for your website:
Based on the implementation of similar policies in Europe and California, here are some of the key elements to consider for your website:
- give your users the option of not setting cookies for tracking and enhanced functionality, thus installing a banner offering this choice of accepting or blocking them.
- obtaining informed consent for the collection of information when submitting online forms such as contact forms or appointment forms.
- implementation of secure software and communications protocols to protect data during transmission.
- adopting strategies to minimize the risk of data leakage, such as firewalling and monitoring for malware associated with information leakage.
- publication of the contact details of a person responsible for data protection in your SME.
- the use of web forms to dictate the retention period for information collected by them.
- give users the possibility of removing their information from your web databases, such as order information, payment information, contact information, or any other information provided during an interaction with your SME.
Next: September 2024
Twelve months goes by so quickly… plan your actions for September 2024. Some of them can easily be carried out in parallel with those to be implemented by September 2023.
Ensuring the right to data portability
Users of your website should be able to export any personal information collected about them.
Law 25 is there to protect consumers, but also to help you build a relationship of trust with them. By respecting these rules, you show that you care about your customers and their safety.
If all this sounds complex, please contact us or visit our page “Service Web25 -Fast conformity” – It takes time, and in many cases can be a complex process, requiring solid web knowledge, tracking tools like Google and security software.
Important notice: This article is for information purposes only. For a complete understanding and full compliance, consult a specialized attorney and refer to official sources such as the Quebec government website and Quebec Access to Information Commission.