An enterprise buyer’s security review is the moment GDPR gaps surface. Find and close them before the deal depends on it.
A scored diagnostic across all nine GDPR domains, every gap rated by risk and effort, and a prioritised roadmap with the templates pointed at your gaps — delivered in about a week.
✓ Money-back guarantee. Fixed scope, fixed fee · report in about a week · Enterprise (multi-entity) scoped on a call.
Standard is a fixed price you buy directly. Enterprise covers multiple entities and hands-on rollout, scoped on a short call.
✓ Money-back if you’re not happy
You share access and context; we agree the scope in writing before any work starts.
We assess against the rules that actually apply to you and pinpoint every gap.
A written report: findings, a scored rating and a prioritised fix-first roadmap.
We talk through the findings, the priorities and your questions.
The report, roadmap and relevant kit templates — plus a review a month on.
Where it helps, we run the engagement in a shared Slack or Microsoft Teams channel — so questions and hand-offs happen where your team already works. Available on Enterprise and retained engagements; correspondence on our side stays on Proton.
A written, board-ready report — score, findings rated by risk and effort, and a fix-first roadmap you can act on. Plus the relevant kit templates and a walkthrough call.
Representative layout · real sample on request
The same nine-domain diagnostic, gap register and roadmap — from someone who has built GDPR programmes at scale — as a fixed €3,500, in about a week. Money-back if you’re not happy.
Handled directly by a senior compliance and contracts practitioner with 15 years across contracts, GDPR, IP and the EU AI Act — 10,000+ contracts and corporate documents reviewed, 1,000+ deals across the table, both sides of M&A, and a recent USD 40M+ software exit, expertly managed.
Want the DIY version first? The GDPR Readiness Kit — the same substance, done yourself for a fraction of the price.
See the kitLimits — additional activities in blocks of 10 at +€600; one lead-authority context. Not included — DPIA drafting for specific processing (quoted separately), DPO service.
After the report you’re not on your own — execute it yourself with the GDPR Kit, hand remediation to the Enterprise tier, or keep it current with Fractional support.
Pick the one that matches where you are — each stands alone, buy in any order or on its own. Your team does the work with our templates; that’s why this costs a fraction of a consultancy.
We need context and limited access to the right people and documents — confirmed in writing as part of scope before any work starts. We don’t need production data.
About a week from when access and scope are confirmed. Standard covers one entity and up to ~20 processing activities.
No. This is a fixed-scope commercial compliance assessment — structured information and expert analysis of your posture — not legal advice, a formal legal opinion, or representation before a regulator. It’s run by a senior practitioner; no lawyer–client relationship or privilege is created, and Xprofesso LLC is not a law firm.
What we’ll do: assess your setup against the GDPR framework, score it, and hand you a prioritised, fix-first roadmap plus the templates to close the gaps — where you stand, and what to do next.
What we won’t: draft DPIAs for specific processing (quoted separately), act as your DPO, act for you before a supervisory authority or regulator, or give an opinion on whether a measure is legally sufficient under a specific law. Where you need a regulated professional, we say so and point you to a licensed lawyer.
Money-back guarantee — if you’re not happy with what you receive, you don’t pay.