KEPLER Privacy Readiness Checklist

This checklist helps tech companies quickly assess their privacy posture before audits, RFPs, or investor due diligence. If you answer “No” or “Not sure” to 3 or more questions, it may be time to bring in expert support.

1. Core Privacy Practices

We can map where our users’ data is stored and processed, including vendors

Yes

Our team understands the difference between data controller and data processor

Yes

We have a public-facing Privacy Policy (Notice) tailored to our actual data practices

Yes

We maintain an internal Record of Processing Activities (RoPA) or equivalent documentation

Yes

We know our legal bases for processing personal data (e.g., consent, contract, legitimate interest)

Yes

2. Risk & Compliance Safeguards

We perform vendor due diligence before signing contracts with processors

Yes

We have signed or requested Data Processing Agreements (DPAs) where needed

Yes

We have documented procedures for handling data subject requests (DSRs)

Yes

We’ve assessed whether a DPIA is required for our processing activities

Yes

Our team knows what to do in case of a personal data breach

Yes

3. Bonus Readiness Signals

We’re aware of privacy laws requirements based on our markets

Yes

We’ve prepared answers to privacy questions in client, vendor, or investor reviews (due diligence)

Yes

We are confident we can pass an enterprise-level privacy assessment or audit

Yes

We’ve considered appointing an external DPO or privacy consultant

Yes

Untitled checkboxes field

I agree to KEPLER processing my name, email address, and form responses for the purpose of reviewing my answers to this checklist and providing related follow-up. I have read and agree to the KEPLER Privacy Notice.