Skip to main content

Law 25 Compliance — Protection of Personal Information

Complete support for Law 25 compliance in Quebec. Policies, processes and technology solutions for Quebec SMBs.

Law 25 applies to every business that collects personal information in Quebec, regardless of size. Achieving compliance does not require a legal department — it requires a clear plan and the right support.

The challenge

You collect names, email addresses, phone numbers and possibly financial information from your clients. You keep employee files containing sensitive information. Law 25 requires you to protect this information, document your practices and respond to requests from the individuals concerned.

The problem is that the legal texts are written in dense legal language, and the resources available online offer general advice that does not tell you concretely what to do on Monday morning. As a result, many SMBs push compliance to the back burner, hoping to fly under the radar. Yet the penalties set out in the law are significant, and the Commission d'acces a l'information can investigate following a complaint or an incident.

Our approach

We demystify Law 25 requirements by translating them into concrete actions adapted to your reality. The process begins with an inventory of your current practices: what personal information do you collect, where do you store it, who has access to it, and how long do you keep it?

From that picture, we build your compliance plan together. Steps are prioritized based on risk and the effort required. We draft the necessary policies — privacy policy, incident management policy, complaint handling process — in clear language, not in legal jargon that nobody will read.

On the technology side, we implement the appropriate protective measures: access controls for sensitive data, encryption, access logging and procedures in the event of a privacy incident. We also train your staff so that every employee understands their day-to-day obligations in simple terms.

What is included

  • Inventory of your practices regarding personal information
  • Prioritized compliance plan adapted to your operational reality
  • Privacy policy drafted in compliance with Law 25
  • Support for the person responsible for the protection of personal information
  • Privacy incident register meeting legal requirements
  • Documented processes for consent, access requests and complaints
  • Privacy impact assessments for your higher-risk projects
  • Staff training on obligations and everyday best practices

Why Adsum?

Our advantage is that we cover both the organizational and the technological sides of compliance. No need to coordinate a privacy consultant with an IT provider — we bridge the two. The security measures the law requires, we deploy them ourselves in your environment.

We support Quebec SMBs that have neither an in-house lawyer nor an IT manager. Our role is to make compliance accessible and realistic, one step at a time.


Our Law 25 compliance support draws on our cybersecurity services and combines with our backup and recovery and IT management solutions for complete data protection.

Ready to improve your IT infrastructure?

Contact our team for a free assessment and personalized quote.