White paper · Compliance
Law 25 Compliance with Microsoft 365
SMB guide: the 11 obligations translated into concrete Microsoft settings
The 11 obligations of Québec's Law 25, translated into concrete settings across Purview, Defender and Entra ID. Includes internal policy templates, a sample incident register, and a Privacy Impact Assessment (PIA) template.
Who it's for
SMBs, non-profits and Québec organizations · Privacy Officer (RPRP), Executive Director, leadership
White paper contents
5 chapters, 15 pages.
- 1
Law 25 in 2026 - where things really stand
3 sections
- 2
The 11 obligations to validate
11 sections
- 3
Microsoft 365 as your compliance stack
2 sections
- 4
Compliance roadmap
3 sections
- 5
Sustaining compliance over time
2 sections
What you'll learn
Concrete takeaways you can apply tomorrow.
- The 11 obligations of Québec's Law 25, explained without the legal jargon and translated into concrete Microsoft 365 settings.
- A public privacy policy template, a sample incident register, and a ready-to-adapt Privacy Impact Assessment (PIA) template.
- A realistic compliance roadmap spanning 4 to 8 weeks for an SMB, and 12 to 20 weeks for a public-sector organization.
- The real penalties at stake and how to avoid them - based on the first public cases since the law took effect.
Further reading
Related blog articles.
A shorter format, direct access with no form. To dig into a specific angle of the topic.
30 minutes to frame what matters.
A direct conversation with one of our experts. No commitment, no sales pitch. You leave with a clear, reasoned perspective on your situation.
