How a Quebec SME met the challenge of compliance with Law 25: Nmédia’s experience

In today’s constantly evolving digital world, protecting personal data has become crucial for companies of all sizes. In Quebec, the adoption of Law 25 (link only available in French) marked a significant turning point in this direction. But how can an SME meet this challenge without drowning in legal complexity? The story of Nmédia, a Quebec‑based company specializing in developing customized digital solutions, offers some valuable and inspiring insights. Here’s some feedback from our participation on the Law 25 panel with Fasken and Solio Cooperative Group.

To listen to the Fasken conference, to listen to the conference, click here.

Why comply with Law 25?

Imagine yourself in the shoes of Patrick Bélanger, Vice‑President of Development, Technology and Innovation at Nmédia. You’re running a fast‑growing company, which has gone from a handful of employees to a hundred, and suddenly, a new law on personal data protection comes into force. What do you do about it? For Nmédia, the answer was clear: embrace change.

Compliance with Law 25 wasn’t just a legal obligation for us,” explains Patrick Bélanger. “It was an opportunity to strengthen the trust of our customers and set ourselves apart in the marketplace.

This decision was challenging. Like many SMEs, Nmédia was faced with limited resources and was already juggling several priorities. However, the company saw beyond the immediate obstacles, recognizing the natural alignment between Law 25 and transparency and its customer protection values.

How Nmédia approached compliance

The road to compliance seemed more like an epic adventure than a simple administrative task. Here’s how Nmédia turned this challenge into an opportunity:

1. Designation of an internal champion: Patrick, although not a lawyer, took the reins of the project thanks to his passion for legal aspects and governance. “I’m not a lawyer,” he jokes, “but I’m probably the only person who gets excited about contracts and compliance!”
2. Alliance with experts: Nmédia called on Fasken’s specialized lawyers to navigate the complex waters of Law 25. “It was like having a compass in an unknown sea,” explains Patrick.
3. A step‑by‑step approach: “An elephant is eaten one bite at a time,” Patrick reminds us. Nmédia adopted a step‑by‑step approach, starting with a complete inventory of its systems and data.
4. Updating contracts and policies: The company reviewed all its legal documents to ensure compliance, strengthening its overall contractual position.
5. Training and awareness: Nmédia organized training sessions for all employees, turning compliance into a shared responsibility.
6. Testing and continuous improvement: “We dealt with compliance as a product in continuous development,” explains Patrick. Regular testing and fine‑tuning kept Nmédia up to date.

Overcoming challenges

Nmédia’s journey was not without obstacles. Managing priorities was a constant challenge, especially in the face of unforeseen events such as a cyber incident and other contractual requirements. “There were times when we wondered if we were going to make it,” Patrick admits. “But every challenge made us more resilient and determined.”

The company’s size was both an advantage and a disadvantage. On the one hand, being an SME allowed for greater agility. On the other hand, limited resources meant that every decision had to be carefully weighed.

Unexpected benefits

Along the way, Nmédia discovered that compliance with Law 25 brought much more than legal peace of mind. “We gained a much deeper understanding of our data and processes,” Patrick explains. “This has enabled us to optimize our operations and offer a better service to our customers.”

Customer confidence has grown, and Nmédia has positioned itself as a leader in data protection in its sector. “Our customers now know that when they work with us, their data is safe,” says Patrick proudly.

Advice for other SMEs

On the strength of his experience, Patrick offers these tips for other SMEs embarking on their compliance journey:

1. Start now: “The best time to start was yesterday; the second‑best time is now,” insists Patrick.
2. Surround yourself with experts: Don’t underestimate the value of good legal advice.
3. Build on what you already have: You probably already have more in place than you think.
4. Take it one step at a time: Don’t be overwhelmed. Move forward gradually.
5. Make compliance part of your culture: Make it a responsibility all employees share.

A new chapter for Nmédia

Nmédia’s journey towards compliance with Law 25 is not over. It’s an ongoing process, a story in constant evolution. But thanks to its determination, flexibility and positive approach, Nmédia has transformed what could have been a burden into an opportunity for growth and innovation.

We’re proud of what we’ve achieved,” Patrick concludes, “but we’re even more excited about the future. Data protection isn’t a destination; it’s a journey. And we’re ready for the rest of the adventure.

Nmédia’s story reminds us that even facing the most complex challenges, an SME can survive and thrive with the right attitude and partners. So, are you ready to begin your journey towards compliance?