8 steps to Quebec Bill 64 compliance

Resource Consent and Preferences Regulations

Bill 64 came into effect in Quebec in September 2021. While it shares similarities with Canada’s Personal Information Protection and Electronics Documents Act (PIPEDA), it does have some differences as well. Quebec’s bill looks to align itself closely with the GDPR, with some of the stipulations in this law including the following:

  • Privacy impact assessments (PIAs)
  • Data breach reporting
  • Review privacy policies and notices
  • Data mapping exercises (identifying the sensitivity of the information)
  • Consent exemptions
  • Data transfer assessments
  • DSAR process
  • Appointing a privacy officer

The penalties for non-compliance in Bill 64 are far higher than any of the previous Canadian privacy laws. The previous maximum penalty sat at $50,000, but under the new privacy legislation, penalties can go up to $25,000,000.


With new requirements regarding information collected through digital means, enhanced requirements around international data transfers, mandatory breach reporting requirements, and the introduction of privacy by design, Quebec’s latest data privacy law introduces many new measures to Canada’s privacy landscape.


Make sure you’re on top of compliance with Bill 64 with our checklist. Download it to learn more.

Get Resource

Note: All fields marked with * are required

I’d like email updates on local events, news, resources and products to stay connected with the OneTrust community. Unsubscribe at any time.

I’d like a solution expert to provide product information or show me a custom demo of the OneTrust platform

How would you like us to contact you?

Privacy Notice

You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.

Onetrust All Rights Reserved