73% of European SMEs do not fully comply with the General Data Protection Regulation. The fines are real: up to €20 million or 4% of global annual turnover. We get you compliant — before the fine arrives.
Free analysis · Response within 24h · No commitment
Mailing lists without documented consent, web forms collecting more data than necessary, unencrypted customer files. Each of these points is a potential infringement.
68% of European websites activate tracking cookies before obtaining user consent. Data protection authorities actively fine companies: in 2023 alone, over €7 million in sanctions were imposed in Spain.
Agreements with suppliers, employees and clients that don't include data protection clauses or contain obsolete references. An audit identifies them immediately.
The GDPR requires a Data Protection Officer (DPO) in many types of organisations. Not having one — or having one without adequate training — is itself a sanctionable infringement.
In the event of unauthorised access to personal data, you have 72 hours to notify the supervisory authority. Without an established protocol, meeting that deadline is practically impossible.
Using AWS, Google Cloud or Azure doesn't exempt you from liability. Data processing agreements with these providers must reflect GDPR compliance — and most companies don't have them properly configured.
A clear action plan, with priorities and deadlines — no jargon, no small print. We handle everything.
We map all personal data flows in your organisation: what data you have, where it comes from, where it's stored, who has access and on what legal basis. The essential starting point.
We create and maintain the mandatory register of all your company's data processing activities — the document supervisory authorities request first in any inspection.
If your company needs a DPO, we cover it. Our certified officers assume legal responsibility, act as liaisons with supervisory authorities and train your team.
We implement a legal and compliant Consent Management Platform (CMP): cookie banner, granular preferences, consent records and third-party script review.
We review and update all affected contracts: with suppliers (data processors), employees, clients and partners. We draft the necessary clauses in accordance with the GDPR.
We implement the technical measures required by the GDPR: encryption in transit and at rest, access controls, password management, backups and pseudonymisation of sensitive data.
We design the incident response plan: detection, assessment, 72h notification to the supervisory authority and communication to those affected. Without a protocol, chaos is inevitable and the fine is double.
Training sessions tailored to your company's roles: management, sales, HR, IT. Human error is the main cause of breaches — we train your team to recognise and avoid the most common risks.
5 minutes, 8 questions. You get your current compliance level and the critical points to resolve.
5-10 working days. We map data, review contracts, audit the website and technical infrastructure.
We deliver a prioritised plan with clear deadlines, responsibilities and cost estimates — no surprises.
We execute the plan and maintain compliance over time. GDPR is not a one-off project.
Most law firms don't understand encryption. Most IT companies don't understand regulation. We do both — and that makes the difference when the inspection arrives.
Lawyers specialised in digital law and data protection with direct experience before supervisory authorities. We don't outsource the legal side.
Data encryption, cookie configuration and infrastructure security don't stay in a PDF — we implement them ourselves.
The Record of Processing Activities, privacy policies, contracts and consent records are documented in a format ready to present to any supervisory authority.
GDPR changes. Case law changes. Your company changes. We include periodic reviews so compliance doesn't expire a month after achieving it.
If your company operates in the EU, has customers in the EU or processes personal data of European citizens — yes, you are obliged. This applies to virtually any company with a website, mailing list, employees or clients. Size doesn't exempt you: the GDPR applies to sole traders and SMEs too.
For most SMEs, between 3 and 6 weeks for the basics (documentation, cookies, contracts). Full technical implementation (encryption, security protocols, training) can take an additional 2-3 months. The process varies depending on the volume of data processed and the complexity of the systems.
A DPO is mandatory if: (1) you are a public authority or body, (2) you process data on a large scale as a core activity, or (3) you process on a large scale special categories of data (health, ideology, religion, etc.). In other cases it is recommended but not mandatory. The free test helps you determine this.
You have 72 hours from detecting the breach to notify the supervisory authority — if there is a risk to the rights and freedoms of those affected. If the risk is high, you must also notify those affected directly. Without a pre-established protocol, meeting that deadline is practically impossible.
It depends on the scope: the volume of data, the complexity of the systems and existing contracts. For an SME with 5-50 employees, an initial compliance project typically costs between €3,000 and €8,000. Annual maintenance ranges from €1,200 to €3,600. We do a free analysis first and give you a no-commitment proposal.
No. The privacy policy is just one of the many GDPR requirements. Without a Record of Processing Activities, updated contracts with suppliers, proper consent management, documented technical security measures and a breach protocol, compliance is only apparent — and doesn't protect against sanctions.
The free 5-minute test shows you exactly where your company stands and what risks you face. No prior registration, no commitment — and you receive the report by email.