SERVICES 002 + 003 — DOCUMENT AND IMPLEMENT
From gap report to compliance in operation
A report won't defend you before the Agency. What defends you are correct documents and workflows that work when a data subject files a request or a breach blows up. That's what we leave installed.
The paperwork the law demands, generated with AI and signed by lawyers.
Record of Processing Activities (RoPA)
The mandatory inventory of all your processing activities, maintained and versioned in our tooling.
Privacy and processing policies
For customers, employees, candidates and suppliers. In plain language, not legalese translated from the GDPR.
Processor contracts (DPA)
Data processing addenda for your vendors: cloud, payroll, marketing, support.
Impact assessments (DPIA)
For high-risk processing: sensitive data, large-scale monitoring, automated decisions, scoring.
Consent copy and notices
Forms, cookies, cameras, marketing: every capture point with its correct lawful basis.
Workflows that respond on their own when the law knocks.
ARCOP rights
Intake channel, identity verification, deadlines and template responses for access, rectification, cancellation, objection and portability.
Breach notification
Procedure for detection, assessment and notification to the Agency and to data subjects within deadline, drill included.
Consent management
An auditable record of who consented to what, when and how — the evidence the Agency will ask for.
International transfers
Clauses and safeguards to move data out of Chile without breaching the new regime.
EVERYTHING RUNS ON YOUR CURRENT STACK — MICROSOFT, GOOGLE OR WHATEVER YOU USE.