Overview: PAYOPIC's document outlines its privacy policy, data breach procedures, incident response, records of processing activities, data subject rights, and governance framework.
Privacy Policy
- PAYOPIC is committed to protecting personal data.
- The policy outlines data processing categories, purposes, legal bases, and data subject rights under GDPR and CCPA/CPRA.
Data Breach Notification Template
- PAYOPIC follows GDPR Article 33/34 and CCPA requirements for breach notifications.
- Notifications include breach nature, affected data, mitigation measures, and contact details for follow-up.
Incident Response Playbook
- The incident response process includes six steps: Detection & Logging, Containment, Investigation, Notification, Remediation, and Post-Incident Review.
- Actions align with the 72-hour GDPR breach notification window.
Records of Processing Activities (ROPA)
- PAYOPIC maintains a structured ROPA that includes data subjects, categories of personal data, purposes, legal basis, recipients, transfers, retention, and security measures.
- ROPA is reviewed annually or upon major changes.
DSAR Procedure & Templates
- PAYOPIC handles Data Subject Rights requests for access, erasure, rectification, objection, and portability under GDPR and CCPA/CPRA.
- Requests are verified, logged, and fulfilled within legal timeframes using standard templates for consistency.
Privacy Governance Framework
- Governance includes accountability from the Board, DPO, CCO, and CISO, with functional roles across various departments.
- Annual training, audits, DPIAs, and vendor due diligence ensure compliance and accountability.