This work program sample highlights general steps an organization should follow with respect to effective data privacy.

Sample steps include verifying that the data collected is required for processing and specified in the notice; reviewing applicable policies related to the privacy of sensitive data; confirming that privacy policies are documented and made available to internal personnel, customers and third parties who need them; determining if a person or group has been formally assigned the responsibility of maintaining the entity’s privacy policies; and confirming that privacy policies and procedures are reviewed and approved by management.