I have been asked about the new compliance requirements that start in September 2023. Most clients have had opinions and recommendations from their attorneys already; I do not intend to replace those recommendations with this. Here is a summary, in my personal opinion, of what you need to have in place right now to be compliant.
Your site should:
- Provide the name and contact information of your compliance officer (This is NOT myself or Cobaltium. It must be an internal person)
- Proof of consent
- Records of consent
- Privacy policy
- Cookie Policy
- Retention Policy
- Imprint
- General terms
- Legal notice
You are also responsible for generating a report of all events and keeping that report. All events MUST be submitted to the Quebec government.
FORM (French only): https://www.cai.gouv.qc.ca/documents/CAI_FO_avis_incident_confidentialite.pdf
You should have the means to:
- allow users to opt out
- allow users to see and remove their own data
- make official requests
- automate the retention as per your policy
The great news is that most of you have the above integrated into your web site already!