Comprehensive Package

Your company has privacy and security obligations under US and global regulations, which you’re currently managing internally—but you need a little bit of outside help. That’s what we’re here for!

Our Comprehensive Compliance Package provides the necessary Policies and accompanying Compliance Activity Templates so you’ll be ready to tackle Data Inventory and Data Subject Requests, Impact Assessments, Vendor Risk Management, and other security best practices. You’ll get all the templates you need to begin building a robust and sustainable program—and we’ve even included guidelines to help with privacy concerns stemming from reopening during COVID-19.

An added perk: this package comes with four hours of guidance from one of DPSA’s Privacy Experts. And if you decide you still need a little more help, we’ll credit the cost of this package against future work with DPSA.

Includes four hours of Privacy Expert on Demand consultation and the policy templates below:

CCPA Website Privacy Notice

This privacy statement is for organizations who wish to demonstrate compliance with California’s Consumer Protection Act.

GDPR Website Privacy Notice

The GDPR Website Notice is a privacy statement (privacy policy) which demonstrates an organization’s compliance with the General Data Protection Regulation.

Cookie Notice

This is a straightforward cookie notice to explain the company’s use of cookies on their website. It can be used as a stand-alone statement or incorporated into a website privacy statement.

Internal Privacy Policy & Standards

This is an internal policy for an organization’s employees to ensure they are following best practices regarding the confidentiality and integrity of any personal information the company collects, maintains and/or processes.

Employee Privacy Notice

This privacy notice is for an organization’s employees, vendors, contractors and others who may be providing services to the company. It can be used as a stand-alone policy or incorporated into an employee handbook.

Privacy Impact Assessment Threshold Assessment

This PIA threshold assessment template is used by organizations to help determine if a full Data Protection Impact Assessment or Privacy & Security Impact Assessment is required.

Data Subject Request Policy & Guidelines

A Data Subject Request (DSR) is a written request made by or on behalf of an individual for the personally identifiable information which is held by the company. This policy establishes the procedures and governs the process.

Data Subject Request Tracking Log

The Data Subject Access Request log is used to track every Data Subject Request an organization receives. Access requests should all be documented, no matter the final outcome.

Record of Processing Activities Policy

The Record of Processing Activities policy governs the company’s data mapping process. This policy is needed to inventory assets, vendors, and processing activities to ensure proper contracts are in place, for security best practices, and for compliance with regulations, laws, and auditors’ recommendations.

Record of Processing Activities (RoPA) Template

The Record of Processing Activities (RoPA) template allows organizations to document and map data flows without the use of privacy technology platforms. This template is very comprehensive and captures all relevant information needed for a complete Article 30 report.

Vendor Management Policy

The purpose of a vendor management policy is to identify which vendors put your organization at risk and then define controls to minimize third-party and fourth-party risk.

Vendor Management Checklist

This checklist is used to qualify and onboard/terminate vendors. Organizations need to properly assess vendors who are processing personal data on their behalf.

GDPR & CCPA Data Processing Addendum

A data processing agreement (DPA) – also known as a data processing addendum – is a contract between data controllers and data processors or data processors and subprocessors. Data controllers should have a DPA in place with all of the data processors they use.

Job Applicant Privacy Notice

This privacy notice is for job applicants and candidates. It highlights the use and protection of any personal data collected during the company’s recruitment process.

Notice of Financial Incentive

If an organization operates a financial incentives program, they must provide a notice of financial incentives under the CCPA.

Records Retention Policy

This policy will assist an organization in implementing a data retention/defensible disposition program. It states your company’s process for managing documents from creation to retention or disposal.

Privacy Impact Assessment Policy

A Privacy Impact Assessment is an analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of PII; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns.

Information Security Policy

A solid Information Security policy will potentially reduce the risk of data breaches and accidental data leakage, and protect your business from malicious threats.

Incident Management Policy & Guidelines

This document template will establish procedures and processes necessary to ensure proper and effective responses to any security incidents. It is used in combination with the Security Event Report.

Security Event Report Template

This document template is a comprehensive Security Event Report. Any organization which experiences a security event needs to properly document the event and actions taken.

California Breach Notification Policy Template

California law requires an organization to notify any California resident whose unencrypted personal information was breached.

COVID-19 Company Checklist

A useful checklist for organizations who are opening/re-opening in the wake of the COVID-19 pandemic.

COVID-19 Company Policy & Guidelines

In the wake of the COVID-19 pandemic, many organizations are collecting personal data, including some possibly sensitive personal data. This policy ensures organizations doing so are properly safeguarding this information.

Marketing Checklist

The Marketing Checklist is a helpful guide for any organization engaging in digital and/or direct marketing. Covering email marketing, telemarketing and SMS, this checklist helps marketers ensure consent is properly obtained.

GDPR Compliance Overview

This document template allows an organization to create an overview statement of their stance towards the GDPR and highlight how they are demonstrating compliance.


