Data Privacy Program (DPP) Template

Editable Data Privacy Program Template

ComplianceForge is pleased to announce the release of its newest product, the Data Privacy Program (DPP). The DPP is an editable and affordable solution for Chief Privacy Officers (CPOs) and Chief Information Security Officers (CISOs) who are tasked with developing and implementing a data privacy program at their organization.

The DPP helps ensure data protection-related controls are adequately identified and implemented across your systems, applications, services, processes and other initiatives, including third-party service providers. The DPP prescribes a comprehensive framework for the collection, creation, use, dissemination, maintenance, retention, and/or disclosure of Personal Data / sensitive Personal Data (PD / sPD). 

ComplianceForge designed the DPP for cybersecurity and privacy personnel who are tasked to with "privacy compliance" for their organization. This involves advises privacy stakeholders on Privacy by Design (PbD) matters, while providing oversight to your organization's executive management that stakeholders are being held accountable for their associated data privacy practices.

Rosetta Stone Approach To Privacy Principles

Based on our experience, we understand that most smaller-to-medium-sized businesses lack the knowledge and experience to undertake such privacy program documentation efforts. That means businesses are faced to either outsource the work to expensive privacy consultants, write it themselves or ignore the requirement in hopes of not get in trouble for being non-compliant. To solve this issue, ComplianceForge chose to leverage the the Secure Controls Framework Privacy Management Principles (SCF PMP) as an efficient way to align with an assortment of "privacy principles" that organizations are faced with.

When you look at a comparison of privacy-relevant laws, regulations and frameworks, you will see a wide variety of expectations. The SCF PMP's solution to the apples-to-oranges comparison was to create a metaframework of privacy principles that covers nineteen (19) privacy frameworks to provide the ability to demonstrate adherence to multiple privacy principles.

Leading Privacy Practices Alignment

The SCF PMP is a “Rosetta Stone” of data privacy management principles that maps to the following privacy practices:

1. AICPA’s Trust Services Criteria (TSC) (2017)
2. Asia-Pacific Economic Cooperation (APEC)
3. California Privacy Rights Act (CPRA)
4. European Union General Data Protection Regulation (EU GDPR)
5. Fair Information Practice Principles - Department of Homeland Security (DHS FIPPs)
6. Fair Information Practice Principles - Office of Management and Budget (OMB FIPPs)
7. Generally Accepted Privacy Principles (GAPP)
8. HIPAA Privacy Rule
9. ISO/IEC 27701:2019
10. ISO/IEC 29100:2011
11. Nevada SB820
12. NIST SP 800-53 R4
13. NIST SP 800-53 R5
14. NIST Privacy Framework v1.0
15. OASIS Privacy Management Reference Model (PMRM)
16. Organization for Economic Co-operation and Development (OECD)
17. Office of Management and Budget (OMB) - Circular A-130
18. Personal Information Protection and Electronic Documents Act (PIPEDA)
19. Privacy by Design (PbD) – The 7 Foundational Principles

What Exactly Is The Data Protection Program (DPP)?

At its core, the DPP is an editable Microsoft Word document that establishes your organization's privacy program. It is designed to address the who / what / when / where / why / how concepts that need to exist to operationalize privacy principles. If you take a look through the table of contents in the example listed below, you will see coverage for reasonable privacy program expectations:

• Stakeholder identification and accountability structure
• Applicable privacy-specific laws, regulations and frameworks
• Concept of Operations (CONOPS) - mission, vision, strategy and mulit-year roadmap to operationalize the privacy program
• Targeted privacy maturity level
• Organization-specific criteria to meet privacy management principles
• Data classification and handling guidelines
• And more!

The DPP is a one-time purchases with no software to install - you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The DPP is capable of scaling for any sized company. 

• The DPP is an editable Microsoft Word document that providers program-level guidance to directly supports your company's policies and standards for ensuring secure engineering and privacy principles are operationalized.
• This product addresses the “how?” questions for how your company ensures privacy principles are operationalized.

Cost Savings Estimate

When you look at the costs associated with either (1) hiring an external consultant to write data privacy program documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Whereas, compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing the DPP from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:

• For your internal staff to generate comparable documentation, it would take them an estimated 120 internal staff work hours, which equates to a cost of approximately $17,000 in staff-related expenses. This is about 4-8 months of development time where your staff would be diverted from other work.
• If you hire a consultant to generate this documentation, it would take them an estimated 80 consultant work hours, which equates to a cost of approximately $36,000. This is about 2-3 months of development time for a contractor to provide you with the deliverable.
• The DPP is approximately 8% of the cost for a consultant or 18% of the cost of your internal staff to generate equivalent documentation.
• We process most orders the same business day so you can potentially start working with the DPP the same day you place your order.

Learn More About The DPP

Click on the image below to learn more about the DPP!

If you have any questions, please contact us for more details.