Your company is growing, offering additional services in additional markets—and with that success comes additional compliance obligations. We know what you need to make that work! DPSA’s Expanded Compliance Package has the tools you need to grow your privacy program. In addition to core Policies, this package includes important Compliance Activity Templates so you can begin documenting your risk, data flows, and information security activity. It’s the beginning of a more robust compliance program, and gets you off to a strong start.
We’ve also included two hours of guidance from one of DPSA’s Privacy Experts. If you decide you still need a little more help, we’ll credit the cost of this package against future work with DPSA.
This privacy statement is for organizations who wish to demonstrate compliance with California’s Consumer Protection Act.
This is an internal policy for an organization’s employees and ensure they are following best practices regarding the confidentiality and integrity of and personal information the company collects, maintains and/or processes.
This privacy notice is for an organization’s employees, vendors, contractors and others who may be providing services to the company. It can be used as a stand-alone policy or incorporated into an employee handbook.
This PIA threshold assessment template is used by organizations to help determine if a full Data Protection Impact Assessment or Privacy & Security Impact Assessment is required.
The Record of Processing Activities policy governs the company’s data mapping process. This policy is needed to inventory assets, vendors, and processing activities to ensure proper contracts are in place, for security best practices, and for compliance with regulations, laws, and auditors’ recommendations.
The Record of Processing Activities (RoPA) template allows organizations to document and map data flows without the use of privacy technology platforms. This template is a very comprehensive and captures all relevant information needed for a complete Article 30 report.
A Data Subject Request (DSR) is a written request made by or on behalf of an individual for the personally identifiable information which is held by the company. This policy establishes the procedures and governs the process.
The purpose of a vendor management policy is to identify which vendors put your organization at risk and then define controls to minimize third-party and fourth-party risk.
A data processing agreement (DPA) – also known as a data processing addendum – is a contract between data controllers and data processors or data processors and subprocessors. Data controllers should have a DPA in place with all of the data processors they use.
A solid Information Security policy will potentially reduce the risk of data breaches, accidental data leakage & protect your business from malicious threats.
This document template will establish procedures and processes necessary to ensure proper and effective responses to any security incidents. It is used in combination with the Security Event Report.
This document template is a comprehensive Security Event Report. Any organization which experiences a security event needs to properly document the event and actions taken.
California law requires an organization to notify any California resident whose unencrypted personal information was breached.
The Marketing Checklist is a helpful guide for any organization engaging in digital and/or direct marketing. Covering email marketing, telemarketing and SMS, this checklist helps marketers ensure consent is properly obtained.
This document template allows an organization to create an overview statement of their stance towards the GDPR and highlight how they are demonstrating compliance.