Expanded Package

Your company is growing, offering additional services in additional markets—and with that success comes additional compliance obligations. We know what you need to make that work!  DPSA’s Expanded Compliance Package has the tools you need to grow your privacy program. In addition to core Policies, this package includes important Compliance Activity Templates so you can begin documenting your risk, data flows, and information security activity. It’s the beginning of a more robust compliance program, and gets you off to a strong start.

We’ve also included two hours of guidance from one of DPSA’s Privacy Experts. If you decide you still need a little more help, we’ll credit the cost of this package against future work with DPSA.

Includes a Two-Hour Privacy Expert on Demand Consultation &
Policy Templates Below:

CCPA Website Privacy Notice

This privacy statement is for organizations who wish to demonstrate compliance with California’s Consumer Protection Act.

GDPR Website Privacy Notice

The GDPR Website Notice is a privacy statement (privacy policy) which demonstrates an organization’s compliance with the General Data Protection Regulation.

Cookie Notice

This is a straightforward cookie notice to explain the company’s use of cookies on their website. IT can be used as a stand alone statement or incorporated into a website privacy statement.

Internal Privacy Policy & Standards

This is an internal policy for an organization’s employees and ensure they are following best practices regarding the confidentiality and integrity of and personal information the company collects, maintains and/or processes.

Employee Privacy Notice

This privacy notice is for an organization’s employees, vendors, contractors and others who may be providing services to the company. It can be used as a stand-alone policy or incorporated into an employee handbook.

Privacy Impact Assessment Threshold Assessment

This PIA threshold assessment template is used by organizations to help determine if a full Data Protection Impact Assessment or Privacy & Security Impact Assessment is required.

Record of Processing Activities Policy

The Record of Processing Activities policy governs the company’s data mapping process. This policy is needed to inventory assets, vendors, and processing activities to ensure proper contracts are in place, for security best practices, and for compliance with regulations, laws, and auditors’ recommendations.

Record of Processing Activities (RoPA) Template

The Record of Processing Activities (RoPA) template allows organizations to document and map data flows without the use of privacy technology platforms. This template is a very comprehensive and captures all relevant information needed for a complete Article 30 report.

Data Subject Request Policy & Guidelines

A Data Subject Request (DSR) is a written request made by or on behalf of an individual for the personally identifiable information which is held by the company. This policy establishes the procedures and governs the process.

General Website Privacy Notice

The General Website Privacy Notice is a simple and straightforward privacy notice (or privacy policy) for an organization’s website where the company’s operations are not data intensive and there are no cross-border data transfers.

Vendor Management Policy

The purpose of a vendor management policy is to identify which vendors put your organization at risk and then define controls to minimize third-party and fourth-party risk.

GDPR & CCPA Data Processing Addendum

A data processing agreement (DPA) – also known as a data processing addendum – is a contract between data controllers and data processors or data processors and subprocessors. Data controllers should have a DPA in place with all of the data processors they use.

Information Security Policy

A solid Information Security policy will potentially reduce the risk of data breaches, accidental data leakage & protect your business from malicious threats.

Incident Management Policy & Guidelines

This document template will establish procedures and processes necessary to ensure proper and effective responses to any security incidents. It is used in combination with the Security Event Report.

Security Event Report Template

This document template is a comprehensive Security Event Report. Any organization which experiences a security event needs to properly document the event and actions taken.

California Breach Notification Policy Template

California law requires an organization to notify any California resident whose unencrypted personal information was breached.

Marketing Checklist

The Marketing Checklist is a helpful guide for any organization engaging in digital and/or direct marketing. Covering email marketing, telemarketing and SMS, this checklist helps marketers ensure consent is properly obtained.

GDPR Compliance Overview

This document template allows an organization to create an overview statement of their stance towards the GDPR and highlight how they are demonstrating compliance.



Click below to purchase our Expanded Kit