Your company has privacy and security obligations under US and global regulations, which you’re currently managing internally—but you need a little bit of outside help. That’s what we’re here for!
Our Comprehensive Compliance Package provides the necessary Policies and accompanying Compliance Activity Templates so you’ll be ready to tackle Data Inventory and Data Subject Requests, Impact Assessments, Vendor Risk Management, and other security best practices. You’ll get all the templates you need to begin building a robust and sustainable program—and we’ve even included guidelines to help with privacy concerns stemming from reopening during COVID-19.
An added perk: this package comes with four hours of guidance from one of DPSA’s Privacy Experts. And if you decide you still need a little more help, we’ll credit the cost of this package against future work with DPSA.
This privacy statement is for organizations who wish to demonstrate compliance with California’s Consumer Protection Act.
The GDPR Website Notice is a privacy statement (privacy policy) which demonstrates an organization’s compliance with the General Data Protection Regulation.
This is a straightforward cookie notice to explain the company’s use of cookies on their website. It can be used as a stand-alone statement or incorporated into a website privacy statement.
This is an internal policy for an organization’s employees to ensure they are following best practices regarding the confidentiality and integrity of any personal information the company collects, maintains and/or processes.
This privacy notice is for an organization’s employees, vendors, contractors and others who may be providing services to the company. It can be used as a stand-alone policy or incorporated into an employee handbook.
This PIA threshold assessment template is used by organizations to help determine if a full Data Protection Impact Assessment or Privacy & Security Impact Assessment is required.
A Data Subject Request (DSR) is a written request made by or on behalf of an individual for the personally identifiable information which is held by the company. This policy establishes the procedures and governs the process.
The Data Subject Access Request log is used to track every Data Subject Request an organization receives. Access requests should all be documented, no matter the final outcome.
The Record of Processing Activities policy governs the company’s data mapping process. This policy is needed to inventory assets, vendors, and processing activities to ensure proper contracts are in place, for security best practices, and for compliance with regulations, laws, and auditors’ recommendations.
The Record of Processing Activities (RoPA) template allows organizations to document and map data flows without the use of privacy technology platforms. This template is very comprehensive and captures all relevant information needed for a complete Article 30 report.
The purpose of a vendor management policy is to identify which vendors put your organization at risk and then define controls to minimize third-party and fourth-party risk.
This checklist is used to qualify and onboard/terminate vendors. Organizations need to properly assess vendors who are processing personal data on their behalf.
A data processing agreement (DPA) – also known as a data processing addendum – is a contract between data controllers and data processors or data processors and subprocessors. Data controllers should have a DPA in place with all of the data processors they use.
This privacy notice is for job applicants and candidates. It highlights the use and protection of any personal data collected during the company’s recruitment process.
If an organization operates a financial incentives program, they must provide a notice of financial incentives under the CCPA.
This policy will assist an organization in implementing a data retention/defensible disposition program. It states your company’s process for managing documents from creation to retention or disposal.
An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of PII; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns.
A solid Information Security policy will potentially reduce the risk of data breaches, accidental data leakage & protect your business from malicious threats.
This document template will establish procedures and processes necessary to ensure proper and effective responses to any security incidents. It is used in combination with the Security Event Report.
This document template is a comprehensive Security Event Report. Any organization which experiences a security event needs to properly document the event and actions taken.
California law requires an organization to notify any California resident whose unencrypted personal information was breached.
A useful checklist for organizations who are opening/re-opening in the wake of the COVID-19 pandemic.
In the wake of the COVID-19 pandemic, many organizations are collecting personal data, including some possibly sensitive personal data. This policy ensures organizations doing so are properly safeguarding this information.
The Marketing Checklist is a helpful guide for any organization engaging in digital and/or direct marketing. Covering email marketing, telemarketing and SMS, this checklist helps marketers ensure consent is properly obtained.
This document template allows an organization to create an overview statement of their stance towards the GDPR and highlight how they are demonstrating compliance.