Skip to main content

On-demand webinar coming soon...

On-demand webinar coming soon...

Demystify Canadian privacy laws

Canadian flag waving on the wind

A simpler solution to compliance

The Canadian privacy landscape is changing. Legislation exists at a federal and provincial level, including laws like PIPEDA and the recently enacted Law 25 in Quebec. The OneTrust Privacy and Data Governance Cloud simplifies compliance with existing and emerging regulations while supporting you in building enduring trust with your customers. 

Speak with a Canadian privacy expert to find your solution, or explore the resources below to learn more.

Privacy & Data Governance

Comparing Canada's privacy laws

Download this infographic to compare provisions in Alberta, British Colombia, and Quebec with those found at a federal level in PIPEDA and those proposed under the Consumer Privacy Protection Act.

Download infographic

Privacy & Data Governance

Top tips for Law 25 compliance

Download this infographic to learn more about Law 25’s provisions, their effective dates, and what you can do to meet Law 25 compliance.

Download infographic

Privacy & Data Governance

Quebec's Law 25: What the CPO wants the CTO to know

Quebec’s Law 25 is a major legislative development in Canadian privacy that will have a significant effect on IT systems. Learn more about what the CPO wants the CTO to know.

Download eBook

How OneTrust helps

Law 25 requires organizations to make data breach notifications to Le Commission d’accès à l’information du Quebec, as well as to any affected individuals. This is also a focus under Bill C-27  as enforcement is set to change with respect to both the mitigation and reporting of breaches.


We help teams:

  • Streamline context collection for incident response efficiency 
  • Reduce incident recurrence with root cause analysis 
  • Simplify notifications 

Changes are coming in terms of the rights afforded to Canadians, bringing them more in line with other global standards like the GDPR.  


We help teams:

  • Empower customers with choice and control over their data 
  • Enable consumers to opt-out of third-party tracking technologies  
  • Automate all requests, whether from a consumer or employee, a request for access or deletion 

Both Quebec and the federal proposed Bill C-27 introduce requirements to undertake different assessments.  


We help teams:


  • Embed privacy impact assessments into existing business systems to capture context from stakeholders at the right time
  • Conduct threshold assessments to determine high-risk processing and trigger DPAs when relevant
  • Demonstrate compliance with real-time regulatory intelligence, insights, and analytics  


Consent is becoming more granular and aligning with other global standards.


We help teams:

  • Identify and maintain an evergreen inventory of all first- and third-party cookies and tracking technologies across your website
  • Leverage designed templates to create a seamless user experience with custom branding, support for more than 250 languages, and geolocation rules
  • As a centralized system of record, demonstrate proof of compliance with a detailed user consent transaction database

Data mapping, retention, and minimization — these have all been trends in enforcement recently, and the requirements around fundamental principles are becoming more explicit.


We help teams:

  • Maintain an up-to-date inventory of processing activities, assets, business entities, and vendors 
  • Reduce your sensitive data footprint with data retention policy automation 
  • Centralize privacy policies and notices to manage version control across your mobile and web properties 

Customer spotlight

We want to make sure that every Canadian feels their data is protected, that their personal information is being responsibly managed.
Rohin Bansal, Data Governance Director, TELUS
Woman online banking on mobile device

Ready to speak with one of our Canadian privacy experts?

Request a free demo to find your solution.