Privacy Compliance (Law 25)
Privacy obligations implemented, not just filed: a data map of what you collect and where it lives, consent flows wired into your actual forms and CRM, retention rules that run — built for Québec's Law 25 reality. Implementation, not legal advice.
Free audit first. No deck — just the plan.
The scope
- Data mapping
- Consent flow implementation
- CASL-compliant email settings
- Retention + deletion automation
- Privacy policy upkeep
- Quarterly compliance review
The process
Map the data
What's collected, where it lives, who touches it, how long it's kept — the inventory every obligation starts from.
Wire the consent
Consent and unsubscribe flows implemented in your forms, CRM, and email — matching what the policy promises.
Automate retention
Keep-and-delete rules that actually run, so data expires on schedule instead of accumulating forever.
Keep it current
Policies, registers, and practices reviewed on a cadence as tools and laws change. Implementation, not legal advice — we pair with your counsel where opinions are needed.
Build + Run engagement
This starts as a scoped build — and can end with us running what we built, on a monthly tier. Most clients take the handoff; it's optional.
The Compliance system
Privacy obligations, implemented — not just filed. Every privacy compliance (law 25) engagement runs on this operating system — see the full problem, approach, and deliverables.
Explore the system