What Observantia actually does
A compliance management tool for Law 25. Think of it as a command center for staying on the right side of Quebec's privacy law.
The four things you actually do in Observantia
Each one maps to a specific obligation in Law 25. Work through them at your own pace.
Compliance Assessments
You answer a checklist of 100+ controls grouped by topic: data collection, consent, storage, and more. Each control is rated Required, Recommended, or Optional. You mark each one as Compliant, Partially Compliant, or Non-Compliant. The system calculates a compliance score and shows you where the gaps are.
Instead of reading the law and guessing what applies to you, you get a structured walkthrough. An HR director or privacy officer works through it section by section, saves progress, and comes back to it.
Incident Registry
When a data breach or privacy incident happens (unauthorized access, data loss, disclosure), you log it here. The tool tracks whether the incident poses a risk of serious injury to individuals, and if so, walks you through the legally required notification to the CAI.
An employee accidentally emails a client list to the wrong person. You log it, assess the risk, and the system tells you whether you need to notify the CAI and tracks that you did.
Data Subject Requests
When someone asks "what data do you have on me?" or "delete my data," Law 25 gives you 30 days to respond. Observantia tracks each request, auto-calculates the deadline, color-codes urgency, and sends email reminders at 15 and 25 days.
A former client emails asking for their file. Reception logs the request. The privacy officer sees it on the dashboard with a countdown. Nobody forgets, nobody misses the legal deadline.
Privacy Impact Assessments (EFVP)
Before launching a new project that involves personal data (new CRM, new hiring process, new marketing tool), Law 25 requires you to assess the privacy risks. Observantia provides a 9-step guided form covering: what data, where it flows, third parties involved, cross-border transfers, risks, and mitigations.
A company wants to adopt a new AI tool that processes employee data. Before rolling it out, the privacy officer fills out the EFVP form. If a regulator ever asks, the assessment is documented and timestamped.
Everything the auditor will ask for
Templates to start from, evidence to attach, and reports to generate. All in one place.
Template Library
Pre-written bilingual templates for 13 document types: privacy policy, governance policy, incident response plan, consent forms, data retention policy, employee training guide, vendor agreement addendum, breach notification letter, access request response, PIA template, privacy officer designation, and data inventory.
Instead of paying a lawyer $5,000 to draft a privacy policy from scratch, you download a solid template, customize it, and you're 80% there.
Evidence Management
Attach proof to anything: upload files, paste links, or write notes. Evidence ties to controls, incidents, data subject requests, or privacy impact assessments. This is how you prove compliance during an audit.
You say you have a privacy policy? Attach it as evidence to the relevant control. You trained employees? Upload the attendance sheet. Everything is in one place when the auditor comes.
Compliance Reports
Generate four types of PDF reports: Full Compliance, Executive Summary, Gap Analysis, and Audit-Ready. Data pulls directly from your assessments.
Board meeting next week and they want a privacy update? Generate an Executive Summary. Regulator audit? Generate the Audit-Ready report with all your controls, evidence, and scores.
Accountability built in
Audit Log
Every action in the system is logged: who did what, when, from where. Filterable, searchable, and exportable to CSV.
The log proves to a regulator that your compliance program is active and maintained, not a one-time checkbox exercise.
Consultant Portal
For organizations working with a compliance consultant. Your consultant can access your workspace, help you work through assessments, and everything they do is logged separately. When the engagement ends, you keep using the tool independently.
Your consultant works alongside you inside the tool. You see what they did, and they see your progress. When the engagement is done, nothing changes for you.
See something your organization needs?
Create an account and try the full platform for 14 days. No credit card required.