For SMBs & Enterprises Worldwide

Know exactly where your data lives—before regulators ask

Complete data mapping, flow analysis, and GDPR compliance in 4-6 weeks. Stop guessing about DSAR responses and cross-border transfers.

You'll Receive:

  • Data privacy compliance assessment report with recommendations
  • Prioritized data privacy remediation roadmap
  • Clear next steps for implementation

Response within 2 hours • Free 30-min consultation • No commitment required

Regulatory Intelligence Dashboard

  • GDPR - Data Protection | High Risk | Q2 2024
  • ISO 27001 - Security | Medium Risk | Q3 2024
  • nDSG - Swiss Data Protection | Low Risk | Q4 2024
  • NIS2 - Network Security | Medium Risk | Q1 2025
  • DORA - Digital Resilience | High Risk | Q2 2025

How It Works: Our 4-Step Data Privacy Compliance Assessment Process

A systematic approach to data privacy compliance assessment that gives you evidence-based answers, not generic checklists.

01. Scope Definition

Define the perimeter of the data privacy compliance assessment and the criteria (the regulations and standards). We establish clear boundaries for the assessment, identifying which systems, processes, data flows, and controls will be evaluated against GDPR, Swiss nDSG, and other applicable data protection requirements.

  • Assessment scope and framework selection

02. Documentation Review

Analysis of the documentation against the criteria and best practices. We examine your existing data protection policies, procedures, Records of Processing Activities (ROPA), data flow documentation, technical configurations, and operational evidence to identify what's already implemented and documented against data privacy requirements.

  • Documentation analysis against data privacy requirements

03. Situation Appraisal

Gaps or nonconformities are rated based on the existing context and objectives. Each gap is evaluated considering your risk profile, business objectives, and implementation maturity—prioritizing gaps that have the greatest impact on your data privacy posture and compliance goals, including DSAR response capabilities, cross-border transfer compliance, and data retention policies.

  • List of gaps and non-conformities with risk-based prioritization

04. Reporting

A report is provided with recommendations and a roadmap. You receive a comprehensive data privacy compliance assessment report with prioritized remediation recommendations, cost estimates, timeline options, and a strategic roadmap for achieving full data privacy compliance.

  • Data privacy compliance assessment report with recommendations and remediation roadmap

What You'll Get

Compliance complexity is overwhelming. Multiple jurisdictions, overlapping regulations, constant changes—we solve this in 4 weeks.

  • Complete, documented inventory of all personal data processing activities
  • GDPR Article 30 compliant Records of Processing Activities (ROPA)
  • 30-day DSAR response capability (complete, accurate, defensible)
  • Cross-border data transfer documentation with proper safeguards
  • Compliant data retention schedules with automated deletion
  • Audit-ready data protection documentation for regulatory examinations
  • €20M GDPR fine risk eliminated through proactive compliance
  • Clear remediation roadmap for identified violations and gaps

Meet Your Compliance Experts

Swiss-trained professionals with decades of combined experience in regulatory compliance, risk management, and strategic advisory

Henri HAENNI

Expert in Business Continuity, Risk Management and Information Security Governance

ISO 27001 Lead Implementer & Auditor • ISO 37301 Lead Implementer • ISO 31000 Lead Risk Manager • Sorbonne University Paris 1 Lecturer

Alexis HIRSCHHORN

Expert in Information and Cyber Security, Cloud Security, Risk Management and Governance

ISO 27001 Lead Auditor • CISSP® Certified • ISO 42001 Lead Implementer • PECB MS Certifying Auditor

Laura Menétrey

Data Protection & Information Security Legal Expert

LLM in Data Protection Law • Certified GDPR Practitioner • Information Security Laws (NIS2, DORA) • Privacy Law Specialist

Jean MUNYARUGERERO

Information Security & Business Continuity Trainer

ISO 27001 Lead Implementer • CISM® Exam Bootcamp • ISO 27005 Risk Manager • NIST Cybersecurity Professional

Frequently Asked Questions

Everything you need to know about this service

Typical timeline is 4-6 weeks for full completion: 1-2 weeks for discovery, 2-3 weeks for flow analysis, 1 week for ROPA creation, and 1-2 weeks for DSAR system setup. Larger organizations with complex environments may need 8-10 weeks. We provide weekly progress updates and can expedite for audit deadlines.

We need read-only access to systems containing personal data (databases, CRM, HR, marketing tools), system architecture diagrams, and stakeholder interviews. We don't need production data access—we analyze data types and flows, not individual records. All access is documented, time-limited, and covered by strict NDAs.

Investment ranges from CHF 25,000-75,000 depending on complexity: number of systems, data volume, international operations, and third-party integrations. Small companies (< 50 employees, < 10 systems) typically CHF 25k-35k. Mid-size (50-500 employees) CHF 40k-60k. Enterprise CHF 60k-75k+. Compare this to €20M GDPR fines or €50k-100k annual GDPR consultant costs.

We provide a prioritized remediation plan with risk levels (critical, high, medium, low). Critical violations (e.g., unprotected cross-border transfers) are flagged immediately with rapid fix guidance. We help you remediate violations before regulators discover them—which is the entire point of proactive assessment.

Yes. We regularly map hybrid cloud environments with data across AWS S3, Azure Blob Storage, GCP Cloud Storage, on-premise databases, SaaS tools (Salesforce, HubSpot, Zendesk), and third-party processors. We use automated discovery tools plus manual verification to ensure completeness.

We provide both: complete data map/ROPA AND functional DSAR response system. This includes documented workflows, request templates, data retrieval procedures, response formats, and team training. You'll be able to handle DSARs in-house after we complete—no ongoing dependency.

We include third-party analysis: identify all vendors processing your data, assess Data Processing Agreements (DPAs), evaluate sub-processors, and document transfer mechanisms. You'll have a complete vendor inventory with GDPR compliance status and remediation actions for non-compliant vendors.

We provide a living ROPA template with update procedures and schedules (typically quarterly reviews). We recommend data governance processes, system change controls, and annual re-assessments. Optional: we offer annual ROPA updates as a maintenance service (CHF 8k-15k/year).

Yes. Our deliverables are designed for regulatory scrutiny: documented methodology, evidence-based findings, compliant ROPA format, and audit trail. When regulators ask 'Do you know what personal data you process?', you'll have comprehensive, defensible documentation. We've supported 40+ regulatory audits with zero compliance findings.

Perfect—that's most of our clients. We guide you from zero. Week 1: kick-off workshop to identify key systems and stakeholders. Week 2-3: we do the heavy lifting (system analysis, interviews, documentation). Week 4-6: review findings together, prioritize remediation, implement DSAR system. You don't need existing documentation—we create everything.

Ready to Transform Your Compliance?

Let's discuss your specific needs

Expert Guidance
Swiss Quality Standards
Proven Track Record