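# Document metadata: policy identity, schema version, authorship, and the
# external regulations that the imports section refers to by reference-id.
# Line-number residue has been stripped and the nesting restored from key order.
metadata:
  id: "data-protection-policy-002"
  type: Policy
  gemara-version: "0.20.0"
  description: "Ensure compliance with data protection regulations and safeguard personal information"
  version: "1.5.0"
  author:
    id: privacy-team
    name: "Privacy Team"
    type: Human
    # NOTE(review): contact is nested under author because a second `name` key
    # directly under author would be a duplicate; confirm against the schema.
    contact:
      name: "Privacy Officer"
      affiliation: "Legal & Compliance"
      # NOTE(review): company.com reads like a placeholder domain; confirm the
      # mailbox belongs to the organisation before privacy reports are sent to it.
      email: "privacy@company.com"
  # The id of each entry is the key that reference-id values under imports
  # must match exactly.
  mapping-references:
    - id: "GDPR"
      title: "General Data Protection Regulation"
      version: "2016/679"
      description: "EU regulation on data protection and privacy"
      url: "https://gdpr-info.eu/"
    - id: "CCPA"
      title: "California Consumer Privacy Act"
      # Quoted so the value stays a string instead of being read as an integer.
      version: "2020"
      description: "California state law on consumer privacy"
      url: "https://oag.ca.gov/privacy/ccpa"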
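title: "Data Protection and Privacy Policy"
# Role assignments for this policy. Only the responsible and accountable roles
# are filled in; each holds a list, so more than one contact can share a role.
# Line-number residue has been stripped and the nesting restored from key order.
contacts:
  responsible:
    - name: "Data Protection Officer"
      affiliation: "Legal & Compliance"
      # NOTE(review): confirm company.com is the organisation's own domain and
      # not a placeholder; escalations are routed to these addresses.
      email: "dpo@company.com"
  accountable:
    - name: "Chief Privacy Officer"
      affiliation: "Executive Team"
      email: "cpo@company.com"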
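# What the policy applies to. Only an `in` list is given; nothing is
# explicitly excluded in this document.
# Line-number residue has been stripped and the nesting restored from key order.
scope:
  in:
    # NOTE(review): "United Kingdom" is in scope, but metadata.mapping-references
    # lists only GDPR and CCPA. Confirm whether a UK-specific reference should
    # be mapped so that UK obligations are evaluated rather than assumed.
    geopolitical:
      - "European Union"
      - "California"
      - "United Kingdom"
    # These are system categories, not named systems; an evaluator needs an
    # inventory that maps concrete assets onto them.
    technologies:
      - "Customer Data Systems"
      - "Analytics Platforms"
      - "Marketing Tools"
      - "HR Information Systems"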
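# External documents this policy builds on. Each reference-id must match an id
# declared under metadata.mapping-references; each constraint attaches extra
# policy text to one target inside the referenced document.
# Line-number residue has been stripped and the nesting restored from key order.
imports:
  guidance:
    - reference-id: "GDPR"
      constraints:
        # NOTE(review): the id names encryption, but the text states no
        # encryption requirement. If encryption at rest or in transit is the
        # intent, say so in the text so the constraint can be tested.
        - id: "gdpr-encryption-constraint"
          target-id: "Art. 32"
          text: "Enhanced technical and organizational measures for data security"
  # NOTE(review): GDPR is imported as guidance and CCPA as a catalog; confirm
  # the different treatment of the two regulations is deliberate.
  catalogs:
    - reference-id: "CCPA"
      constraints:
        # NOTE(review): Cal. Civ. Code 1798.150 is the civil-action provision
        # for personal-information security breaches, while the text speaks of
        # consumer rights in general. Confirm the intended section.
        - id: "ccpa-consumer-rights"
          # Quoted so the section number is not parsed as a float.
          target-id: "1798.150"
          text: "Enhanced consumer rights implementation"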
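# How conformance with the policy is checked (evaluation-methods), how it is
# enforced (enforcement-methods), and the rule applied when it is not met.
# Line-number residue has been stripped and the nesting restored from key order.
adherence:
  evaluation-methods:
    # NOTE(review): no `required` key here, unlike EV-MANUAL-01. Confirm what
    # the consumer assumes when the key is absent, so that continuous
    # monitoring is not silently treated as optional.
    - id: "EV-AUTO-01"
      type: "Behavioral"
      mode: "Automated"
      description: "Continuous data protection monitoring"
    - id: "EV-MANUAL-01"
      type: "Behavioral"
      mode: "Manual"
      required: true
      description: "Quarterly privacy impact assessments"
  enforcement-methods:
    # An automated gate: classification is verified before data is processed.
    # The description does not say what happens to data that fails the check.
    - id: "EM-GATE-01"
      type: "Gate"
      mode: "Automated"
      description: "Data classification verification before processing"
  # NOTE(review): the 72-hour window matches the GDPR Art. 33 notification
  # deadline, but the text names neither who reports nor the recipient.
  # Confirm and state both so the obligation has an owner.
  non-compliance: "Data breaches must be reported within 72 hours of discovery"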