8 questions, 2 minutes. Get a clear score and the exact list of what is left to do — plain language.
1Have you appointed a privacy officer and published their contact details?
2Does your website publish a clear, accessible privacy policy?
3Do you ask for clear consent before collecting personal information (forms, newsletter)?
4If your site uses tracking cookies (analytics, ads), do you show a consent banner?
5Do you have a plan to respond to a data breach (notify the access-to-information commission and affected people)?
6Do you keep a register of confidentiality incidents?
7Are your vendors that process information for you (newsletter, CRM, hosting) bound by contract?
8Do you take reasonable security measures (strong passwords, email security, HTTPS site)?
⚖️ This tool is educational: it gives you a clear starting point but is not legal advice. For your specific situation, consult a professional.
Law 25 requires security measures — check yours free →Law 25 (formerly Bill 64) is Quebec’s personal-information protection law. It applies to almost every private business, regardless of size. The basic obligations: a public privacy policy, a privacy officer, clear consent, incident handling (with a register), vendor contracts, and reasonable security measures. This check covers those fundamentals.
Law 25 (formerly Bill 64) modernizes personal-information protection in Quebec. It imposes obligations on almost every private business: privacy policy, consent, privacy officer, incident handling, and more.
Yes. Law 25 applies to any private business that collects personal information, regardless of size — even a sole proprietor with a newsletter.
Penalties can be significant: up to $25 million or 4% of worldwide turnover for the most serious violations. All the more reason to cover the basics.
No. It is an educational self-assessment that shows where you stand and where to start. It is not legal advice.