Operator-grade resources for Canadian SaaS teams preparing for the Personal Privacy and Data Control Act.
PPCDA shifts compliance from policy-based to evidence-based. This hub helps teams understand what PPCDA actually requires.
View the PPCDA Evidence ChecklistIt requires teams to prove how privacy, security, and data workflows actually function — not just document them.
PPCDA focuses on logs, audit trails, deletion evidence, access control proof, and vendor compliance verification.
DSARs, vendor renewals, retention enforcement, and access reviews become evidence-heavy under PPCDA.
PPCDA is Canada’s new privacy and data governance law. It requires organizations to produce verifiable evidence of compliance.
Any organization operating in Canada or serving Canadian users — SaaS, fintech, healthtech, marketplaces, and more.
Logs, screenshots, exports, vendor confirmations, DSAR audit trails, retention enforcement records — anything verifiable and timestamped.
Procurement teams will feel PPCDA first. Renewals require evidence of vendor compliance, deletion, and access control.
PPCDA overlaps with security controls — access, encryption, logging, incident response, and vulnerability management all require evidence.
Map evidence ownership, centralize evidence, fix DSAR workflows, validate vendor evidence, enforce retention, and align teams.
If your team is preparing for PPCDA, Kelunoa provides a checklist that maps evidence items and ownership across privacy, ops, and security.
Join the Waitlist