Today, the majority of Quebec’s Law 25 privacy reform enters into force, elevating Quebec’s privacy regime to a standard that resembles the GDPR and other new-age regimes. If your organization does business in Quebec and processes the personal information of Quebecers, it is crucial that you take meaningful steps to comply with the new obligations, as the fines for non-compliance could be significant:
- Penal fines as high as $25 million (or 4% of worldwide turnover for the preceding fiscal year, whichever is higher), which can be doubled for repeat offences;
- Monetary administrative penalties of up to $10 million (or 2% of worldwide turnover for the preceding fiscal year, whichever is higher); and
- Infringements which are intentional or which result from a gross fault now call for a minimum award of $1,000 in punitive damages.
By way of a reminder, below is an overview of the main obligations introduced by Law 25, which could also apply to foreign companies doing business in Quebec. The middle column summarizes the new obligations that come into force today.