Security & Compliance
Lynx Compliance - Quebec Law 25
Quebec Law 25 (Loi 25) — Act respecting the protection of personal information in the private sector. Seeded as a first-class compliance.framework with articles structured as controls, cross-framework refs to ISO 27001 / GDPR / HIPAA.
lynx_compliance_law25
· v19.0.1.0.0
· Premium
What this solves
Lynx Compliance - Quebec Law 25
Quebec Law 25 (Loi 25) seeded as a first-class framework with the substantive requirement of each major article as a control - cross- referenced with ISO 27001, GDPR, PIPEDA, and CSF 2.0.
Any business handling personal information of Quebec residents is in scope of Law 25, with administrative fines up to $10M or 2% of worldwide turnover and penal sanctions up to $25M or 4%. This module ships the modernised Quebec privacy law as a navigable control catalog organised by the law's logical groupings, ready to assess on the same engine that runs CSF, ISO, and SOC 2 evidence.
Key Features
Six-function structure - Governance, Collection & Consent, Use & Disclosure, Individual Rights, Breach Management, Cross-Border & Special Cases.
~35 article-level controls - one per major substantive obligation, sufficient for a readiness assessment and a CAI defense.
Phased applicability tracking - controls flagged with the September 2022 / 2023 / 2024 in-force date so legacy assessments can be replayed.
Cross-framework refs - seeded mappings to ISO 27001:2022, ISO 27701, GDPR, PIPEDA, and NIST CSF 2.0.
CAI-aligned navigation - functions and categories follow the Commission d'accès à l'information published guidance.
Integrates With
lynx_compliance - registers as a framework alongside CSF, ISO, SOC 2, GDPR, HIPAA, PIPEDA.
lynx_compliance_privacy - PIA, DSAR, consent, and breach records become evidence on Law 25 controls automatically.
Depends on
Try Lynx Compliance - Quebec Law 25 on your team.
Free trial, no credit card. Talk to sales when you're ready.