This is where policies starts to come in and we will explore the various sections needed.

Now that we have identified our risks, we need to work towards mitigating the risk. A good first step is to arrive at a statement of intent and then document it. This is an internal document prepared as a policy for the organization to follow. This is our Privacy Policy. A Privacy Policy should comprise of:

• Policy Coverage
• Applicable Laws & Regulations
• Organization Structure (including having a Data Protection officer AND/OR Chief Privacy Officer)
• Collection of Personal Data 
• Basis of Processing 
• Consent - if consent as a processing basis is used
• Purpose of processing
• Data Minimization
• Retention periods
• Disclosure 
• Transfer (Cross border, sharing, transfer of data to processor etc.)
• Security Considerations
• Rights Requests Management
• Compliance Management 

The flow described in this season can be used by in either of the below situations:

• you and work standalone/ 
• work with a consultant/expert 
• can be used to run the show via the Arrka Privacy Management Platform (both for Security and Privacy). 

For details, reach out to us on [email protected]; [email protected]; twitter: sameeranja, twitter: arrka2; Give a reference of this cast and avail credits on the platform usage and subscription. The Arrka Platform is made by SMB and for the SMB.