Back to home
Sample Deliverables

What we actually produce for you

Audit-ready documents, not slideware. These are real deliverables generated through our platform and finalized by our attorneys — anonymized here to a fictional company, Meridian Retail Group.

Privacy program & data mapping

The system of record: a board-ready program report and a maintained Record of Processing Activities.

Privacy Program Report

PDF

19-page snapshot: data inventory, assets by type, vendor coverage, DSAR timeliness, and Article 9 safeguards.

Records of Processing Activities (RoPA)

PDF

GDPR Article 30 register of every processing activity — purposes, legal bases, data categories, recipients and retention.

Vendor & third-party risk

Processor and sub-processor inventory with criticality, DPA coverage and certifications.

Vendor & Sub-processor Register

PDF

GDPR Article 28 register: 42 vendors scored by criticality, DPA-on-file coverage, and top certifications (ISO 27001, SOC 2…).

Assessments — DPIA · LIA · custom

Impact and legitimate-interest assessments produced per processing activity or vendor.

DPIA — Customer Analytics Platform

PDF

Data Protection Impact Assessment: necessity, proportionality, risks to data subjects and mitigations.

LIA — Salesforce CDP

PDF

Legitimate Interests Assessment: purpose, necessity and balancing test for a customer data platform.

LIA — mParticle

PDF

Legitimate Interests Assessment for a customer-data infrastructure vendor.

LIA — Tealium

PDF

Legitimate Interests Assessment for a tag-management / CDP vendor.

LIA — Customer Analytics & BI

PDF

Legitimate Interests Assessment for an internal analytics and business-intelligence use case.

LIA — Fraud Detection & Prevention

PDF

Legitimate Interests Assessment for fraud-prevention processing.

Privacy Review — Loyalty Program

PDF

Custom assessment of a rewards / loyalty program's data flows and disclosures.

Privacy Review — SMS Marketing Campaign

PDF

Custom assessment of consent, opt-out and data handling for a new SMS marketing campaign.

Breach & incident

A maintained register for personal-data breaches and the 72-hour clock.

Personal Data Breach Register

PDF

Incident log with severity, affected data, notification decisions and timelines.

Privacy notices

Plain-language, customer-facing privacy centers and notices we draft and maintain.

Privacy Center (full)

Web

A navigable privacy center: policy plus website/app and loyalty notices, covering CCPA sale/share, Global Privacy Control, sensitive data, a loyalty financial-incentive disclosure, and automated decisions.

Privacy Notice (plain-language)

Web

A stripped-back, reader-first consumer notice: what we collect, do-not-sell/share and GPC, your choices, and rights across US states and the EU/UK.

Website Privacy Notice

Web

Mid-weight site notice covering cookies and pixels, advertising sale/share with GPC, session replay, analytics, and automated decisions.

Want these for your company?

The platform that produces them is included free — you pay only for our time. Start with a 30-minute call.