1.

Personal Data Inventory

2. Personal Data Process Flow
3. Consent Forms
4. Sample Data Sharing Agreements (DSAs)
5. DSA Tracker
6. List of PIPS (service providers, consultants, outsourcerers)
7. Sample Outsourcing Agreement with PIPs
8. List and Samples of Security Clearances issued
9. List of Security Measures and Policies: Physical, Organizational and Technical
10. Results of Security Audits
11. Designation and Functions of the DPO
12. Duly Notarized Registration Form with Stamp from NPC
13. Candidate Privacy Impact Assessment Inventory of PPPMST
14. PIAs (Ongoing, Completed, Pending)
15. Compilation of Privacy Notices
16. List and Picture of Placement of CCTV Cameras with notices
17. Compilation of Privacy and Data Protection-related Policies and Procedures (“Manual”)
18. Registry of Systems processing personal data
19. Listing of individual/organizational certifications
20. Notification regarding automated decision making operations
21. Network Access Policies affecting personal data
22. Physical Access Policies affecting personal data
23. Breach Management Team Directory
24. Breach Management Policies/Procedures
25. Results of Breach Drills
26. Breach Notifications
27. Privacy-related Incident Tracker
28. Privacy-related Trainings Schedule and Tracker
29. Complaint Log/Tracker
30. Request from Data Subjects Log/Tracker
31. Consolidated Schedule of privacy-related activities
32. Consolidated Report of Privacy-related Budget/Expenditures
33. Privacy Management Score card
34. Change Management/Communication Plan
35. Performance Commitments/KPIs
36. Privacy Vision/Mission Statement