Canada: Adoption of Quebec data protection regime
Compare with different regulatory event:
Description
Adoption of Quebec data protection regime
On 21 September 2021, the legislative proposal for a data protection regime (projet de loi 64) is adopted by the Quebec National Assembly. The Act introduces a new notification regime in case of data breaches. Until the Act is put in force on 22 September 2023, companies will have to implement the following obligations. Companies must set up data governance processes, enable the transfer of personal information, instruct employees about the new privacy regime and establish internal policies for the management of data. The act also specifies the cases in which a privacy assessment is required and the sanctions in case of non-compliance.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2020-06-12
under deliberation
2021-09-21
adopted
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
corporate data (all forms): data collection
Regulatory tool
User consent: Other requirement
User right to access personal data
User right to deletion of personal data
User right to withdraw consent
User right against automated decision making
Sanctions
Fine
Regulated subjects
1
corporate data (all forms): data processing
Regulatory tool
Risk or other impact assessment requirement
User right to information about third-parties, with which data has been shared
Sanctions
Fine
Regulated subjects
1