MANAGED Privacy Compliance

Modern privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) have added layers of complexity to the business operations of companies that process personal information. Compliance with these regulations is often mandatory and the costs of non-compliance can range from penalties to diminished organizational reputation and lost business opportunities.

Unfortunately, ensuring compliance with CCPA and GDPR can be difficult and expensive. Obligations including creating data inventories and maps, recording personal information and processing activities, responding to regulator inquiries, and knowing when and how to respond to consumer requests can be difficult to navigate. These problems are further complicated by the scarcity of skills and experience in meeting the requirements of these privacy laws.

Learn about our solution.

For businesses facing these challenges, Vicis Law’s Managed Privacy subscriptions are designed to make life easier. By outsourcing specific privacy compliance functions, organizations are able to relieve themselves of the internal burden of maintaining compliance and leverage Vicis Law’s resources and experience dealing with these complex regulations. Our Managed Privacy subscriptions enable our clients to meet the daily demands of CCPA and GDPR without significant up-front investment or effort while maintaining cost certainty.

Learn more about key business obligations under the CCPA.

Learn more about key business obligations under the GDPR.

HOW We Can Help

Learn about our approach to CCPA and GDPR compliance.

We can help with CCPA and GDPR compliance whether your company is beginning its compliance journey or already has a fully-formed privacy compliance program and simply seeks to outsource specific privacy functions.

For businesses starting CCPA and GDPR compliance, a thorough assessment is needed to determine how these regulations affect your organization’s operations. Our CCPA Readiness and GDPR Readiness services are designed to kickstart your company’s CCPA and GDPR compliance program. During a Readiness engagement, we will examine your organization’s data processing workflows, identify CCPA or GDPR compliance gaps, and advise on how to become compliant.

If your business has already determined how CCPA and GDPR applies to its operations and wants to ease its privacy compliance burden, a Managed Privacy subscription may be right for you. To help companies meet day-to-day compliance obligations, Vicis Law has developed a managed service that relieves organizations of the internal burden of complying with specific requirements of CCPA and GDPR. We offer this service as an ongoing monthly or annual subscription.

Depending on which subscription you choose, we will perform the following services for you:

Data Inventory & Mapping
  • Take inventory and categorize the data your organization possesses.
  • Map your organization's data flows subject to CCPA and GDPR.
  • Meet GDPR Article 30 requirements.
  • Manage historical data as required under the CCPA to account for the minimum 12-month lookback period.
  • Track specific types of personal information to assist with managing consumer requests.
Consumer/Data Subject Request Management
  • Manage the request process including consumer request verification.
  • Track requests from intake through fulfillment.
  • Ensure compliance with CCPA and GDPR defined response timelines.
  • Handle extension requests as needed.
  • Track the number of requests received from specific consumers.
  • Facilitate ”Do-Not-Sell” and opt-out requests and processes.
Vendor Management
  • Create a vendor inventory.
  • Coordinate vendors for consumer requests.
  • Assist with onboarding new vendors.
  • Conduct vendor risk assessments.
  • Identify which vendors sell or are sold personal information to comply with “Do-Not-Sell” and opt-out requests.
Incident & Breach Response
  • Satisfy CCPA and GDPR breach notification requirements.
  • Manage incident response including initial reporting.
  • Communicate with regulators.
  • Maintain an audit trail of incident response actions.
  • Help minimize the effects of data breaches.
Privacy Impact Assessments
  • Perform PIAs for new or proposed information processing activities.
  • Assist with evaluating the legal basis for processing activities.
  • Advise on policy updates to needed account for new processing activities.
  • Counsel on Privacy by Design principles for new processing activities.
  • Flag CCPA and GDPR specific risks and make remediation recommendations.
DPO Responsibilities
  • Under the GDPR, certain organizations are required by law to appoint a Data Protection Officer (DPO).
  • Our GDPR Managed Privacy Compliance services allow your organization to designate Vicis Law as your DPO.
  • As your DPO, Vicis Law will fulfill all of your organization's DPO responsibilities.
Validation Reports
  • Validate your business's CCPA and GDPR compliance.
  • Detail controls your company has implemented to comply with its CCPA and GDPR obligations.
  • Evaluate and document privacy controls implemented by your organization to comply with CCPA and GDPR.
  • Our Validation Reports are meant to be shared with potential customers and business partners.

WHAT To Expect

Sign up for the managed privacy compliance subscription your organization needs.

An attorney from Vicis Law will review your information and reach out to you via your preferred contact method.

We will gather any needed technical information and begin providing managed privacy services to your organization.

To learn more about what to expect during an engagement and answer any questions you may have about Vicis Law’s Managed Privacy subscriptions, please consult our FAQ. If you have any questions that are not covered in the FAQ, please do not hesitate to contact us directly.

Curious About Pricing?

Choose the Managed Privacy Subscription That’s Right for Your Business

WHY Vicis Law

Privacy Professionals
Our firm is singularly-focused on privacy and data security regulatory compliance. We specialize in assisting small and medium-sized businesses with data privacy and security issues, particularly CCPA and GDPR. We exist to provide exceptional services and are dedicated to doing just a few things well.
Attorney-Client Privilege
We understand the importance protecting client information. As attorneys, we are held to the highest standards of confidentiality regarding our communications with clients. Having open communications with our clients ensures that we can deliver our services to them with integrity and accuracy.
Industry Knowledge
Our team understands the importance of having a legal advisor that knows your business and industry. We have advised a broad range of clients spanning industries from financial services, SaaS, data hosting, enterprise resource management providers, healthcare, and pharmaceuticals.
Quality Service
Vicis aims to deliver quality legal services that simplify the compliance process. We will work closely with you to develop, implement, and maintain your data privacy compliance program. We apply our significant privacy and data security experience to deliver our services to you effectively and efficiently.

Vicis Law PC is a boutique law firm located in San Francisco, California. We specialize in assisting small and medium-sized businesses comply with privacy and information security regulations and all of our attorneys have the unique perspective of being certified privacy and information security professionals. We exist to provide exceptional services and are dedicated to doing just a few things well.

Vicis understands the hurdles companies face in today's regulatory environment. Quite often, the time and money it takes to manage privacy and information security compliance issues is a significant burden. Our solutions provide a cost-effective way to manage and stay current with compliance requirements while easing the burden on your staff.

We assist clients located across the United States, spanning industries from financial services, SaaS, data hosting, enterprise resource management, healthcare, and pharmaceuticals.

Get in touch with us to set up a consultation. Give us a call, send us an email, or use the contact form at the bottom of this page to set up a no-obligation phone consultation with one of our privacy attorneys.


Have questions or don't know where to start? We would love to hear from you and see how we can help.

Call us at


Come find us at
1160 Battery St #100
San Francisco, CA 94111
Email us at

[email protected]

Scroll to top