Privacy Attorney

Data Protection Impact Assessment

A Data Protection Impact Assessment, or DPIA, is legally required by the General Data Protection Regulation (GDPR), in some instances. It serves as the foundation for your organization's privacy framework. The technological and informational discovery process required in conducting a DPIA is the most reliable method to map the data your organization, site, and apps collect. As well as, assist you in understanding the impact the technologies, partners, and providers you've chosen will have on the people who visit and interact with your website and apps.

The Kinney Firm can work with your business's internal developers, with a third party vendor, or partner with trusted Kinney Firm affiliates, to conduct a privacy audit for your website or app and provide you with a Data Protection Impact Assessment for inclusion in your business's privacy compliance records. When you elect to engage Kinney Firm and one of our trusted affiliates, you will also be provided with a Statement of Work, outlining the level of effort or specific costs associated with making the recommended technological changes to your site or app, streamlining the discovery process necessary legal work and for site and app development; saving you time and money.

In addition to assisting in the drafting of custom Privacy Notices and Terms of Use to reduce your organization’s legal liability, having a DPIA provides your team with documentation that your organization has considered privacy risks related to your intended data collection and processing evidencing you have met your broader data protection obligations.


If you have a website or app, a privacy notice is a legal requirement and part of your privacy compliance concerns. What needs to be included in your privacy notice varies by the industry you are working in, the data you collect, and where your clients or customers are located and reside. US and EU privacy and data protection laws are complex and highly nuanced. Kinney Firm can assist you in drafting a Privacy Notice that is customized to your needs and conforms to applicable laws.


Do you need a cookie banner? Does your Cookie Notice need to be a separate page or can it be included in your Privacy Notice? The answer to these questions, again, depends on a myriad of factors. Kinney Firm has the knowledge and experience to provide you with the legal advice you need to assist you with complying with applicable laws by crafting a custom Cookie Notice based on your business and target clientele.



Privacy experts warn that it's not a matter of if you have a data breach, it's when. Even the most secure sites and privacy compliant businesses can experience a breach. Do you know what you need to do if a breach happens to you? We do.

Kinney Firm can assist you with creating a Data Breach Response Strategy, based on your business and resources. Whether it's data breach response templates or the strategy for where to start when a breach occurs, that comply with laws that apply to the data breached, your business, and your users, we will make sure you have the information and strategy necessary promptly and intelligently respond to a data breach and comply with applicable data breach notification laws.




A key component to privacy compliance and limiting your company's liability is to have an internal Privacy Policy for how your organization collects, treats, stores, and delete user data collected from your site and app users, vendors, employees, clients and customers. This Privacy Policy needs to be clearly communicated to your employees and incorporated into your employee handbook.

There is no one size fits all; which privacy and data laws apply and best privacy practices for your business depend on a long list of factors. Kinney Firm will guide you in answering the questions necessary to create a custom Internal Privacy Policy that will assist in your organization's privacy compliance and limiting your legal liability.




What good is a privacy framework, internal privacy policy or data breach response plan if no one knows about it? Communication is key to limiting liability associated relating to privacy compliance and data breach response plans. Kinney firm is able to create and offer customized online and on-site privacy training for your business.


Have GDPR or Cookie Policy Questions? We can help. Schedule your privacy consultation and we will assess what you need and assist in prioritizing your path to privacy compliance.