Readiness Process
Sprint Timeline
The engagement follows structured phases, each building on the outputs of the previous one.
1. Intake (2–6 days)
- NDA & stakeholder map
- Document request
- Scoping interviews
- System boundary draft
2. Assessment (9 days)
- TSC selection
- Type 1/Type 2 recommendation
- Control walkthroughs
- Evidence sampling
3. Outputs (9 days)
- Controls matrix & gap register
- Policy/document backlog
- Evidence calendar
- Executive readout & roadmap
4. Follow-on (Variable)
- Remediation implementation
- Type 2 observation period
Phase Details
1. Intake & Scoping (Week 1)
We start by understanding your multi-state footprint and current privacy posture.
- Multi-state applicability analysis — identify which state privacy laws apply based on your operations, revenue, and consumer reach
- Current privacy program review — assess existing privacy notices, consent mechanisms, and data handling procedures
- Consumer rights workflow assessment — evaluate current processes for responding to consumer privacy requests
- Opt-out mechanism inventory — catalog existing opt-out mechanisms and assess GPC support readiness
2. Assessment (Week 2–3)
We evaluate your privacy program against the requirements of all applicable state laws.
- Cross-state requirement mapping — map overlapping and divergent requirements across all applicable state laws
- Privacy notice gap analysis — identify gaps between current disclosures and multi-state requirements
- Consent and opt-out mechanism evaluation — assess whether current mechanisms meet the strictest applicable standards
- PIA requirement assessment — determine which processing activities trigger privacy impact assessment requirements
3. Outputs (Week 3–4)
We deliver the artifacts that harmonize your privacy program across jurisdictions.
- Harmonized compliance matrix — every requirement mapped across states, with a unified control set that satisfies all
- Universal privacy notice template — a single privacy notice that meets or exceeds all applicable state requirements
- Cross-state rights response procedures — standardized procedures for handling consumer requests under all applicable laws
- Opt-out implementation plan — technical and operational plan for universal opt-out including GPC support
4. Follow-on (Ongoing)
After the readiness sprint, ongoing monitoring keeps your program current as new laws take effect.
- New state law monitoring — track newly enacted and proposed state privacy legislation for applicability
- Privacy notice updates — update disclosures as new laws take effect or existing laws are amended
- PIA program maintenance — maintain privacy impact assessment program as processing activities and requirements evolve
Sprint Deliverables
Every readiness sprint produces these minimum deliverables:
- Multi-state applicability analysis
- Harmonized compliance matrix
- Universal privacy notice template
- Cross-state rights response procedures
- Opt-out implementation plan
- PIA methodology and triggers
- Data broker registration assessment
- New state law monitoring plan
Start Your Readiness Sprint
Most companies complete the readiness sprint in 3–4 weeks. The result is a harmonized privacy program that scales across all applicable state jurisdictions.