← All assessments
For software companies selling to enterprise · fixed-fee assessment

Your GDPR posture, scored — and a roadmap to fix it.

An enterprise buyer’s security review is the moment GDPR gaps surface. Find and close them before the deal depends on it.

A scored diagnostic across all nine GDPR domains, every gap rated by risk and effort, and a prioritised roadmap with the templates pointed at your gaps — delivered in about a week.

✓ Money-back guarantee. Fixed scope, fixed fee · report in about a week · Enterprise (multi-entity) scoped on a call.

What you get

Two ways to run it.

Standard is a fixed price you buy directly. Enterprise covers multiple entities and hands-on rollout, scoped on a short call.

Standard · €3,500

Your GDPR posture, scored

  • Scored across all nine domains — lawful bases, data-subject rights, records (RoPA), security (Art 32), processors & DPAs, international transfers, breach readiness, retention and consent
  • A gap register, each gap rated by risk and effort
  • A prioritised remediation roadmap, plus the GDPR kit templates pointed at your gaps
  • A written report (board summary + findings) and a walkthrough call
  • Your reviewed processing activities returned structured in the RoPA register, from the information you provide — ready to maintain, not a blank template

Fixed scope — one entity, up to ~20 processing activities · report in about a week

Buy now — €3,500

✓ Money-back if you’re not happy

Enterprise · from €6,000

Multi-entity & DPO-level

  • Everything in Standard, plus:
  • Multiple entities, products or large data estates
  • Hands-on remediation, including DPAs and vendor chains
  • Ongoing review as you implement

Scoped to your estate

Book a scoping call
How it works

From access to roadmap in about a week.

How every assessment runs
01 · intake
Scope confirmed

You share access and context; we agree the scope in writing before any work starts.

02 · analysis
Classified & scored

We assess against the rules that actually apply to you and pinpoint every gap.

03 · report
Board-ready findings

A written report: findings, a scored rating and a prioritised fix-first roadmap.

04 · walkthrough
Live call

We talk through the findings, the priorities and your questions.

05 · follow-up
Yours to keep

The report, roadmap and relevant kit templates — plus a review a month on.

Working with your team

Where it helps, we run the engagement in a shared Slack or Microsoft Teams channel — so questions and hand-offs happen where your team already works. Available on Enterprise and retained engagements; correspondence on our side stays on Proton.

The deliverable

A report you can take to the board.

representative layout
GDPR Gap Assessment

Your GDPR report

  • Board summary1 p
  • Score · nine domainsRAG-rated
  • Gap registerrisk × effort
  • Remediation roadmapfix-first
  • Templates pointed at gapsincluded
  • Walkthrough call30 min
SCORE · Developingcurrent as of July 2026

What lands in your inbox.

A written, board-ready report — score, findings rated by risk and effort, and a fix-first roadmap you can act on. Plus the relevant kit templates and a walkthrough call.

Representative layout · real sample on request

A consultancy’s GDPR gap assessment is open-ended and billed by the hour.

The same nine-domain diagnostic, gap register and roadmap — from someone who has built GDPR programmes at scale — as a fixed €3,500, in about a week. Money-back if you’re not happy.

Who does the work
SENIOR
SPECIALIST

Handled directly by a senior compliance and contracts practitioner with 15 years across contracts, GDPR, IP and the EU AI Act — 10,000+ contracts and corporate documents reviewed, 1,000+ deals across the table, both sides of M&A, and a recent USD 40M+ software exit, expertly managed.

Fixed scope, fixed fee, agreed up front · not legal advice · no lawyer–client relationship

Want the DIY version first? The GDPR Readiness Kit — the same substance, done yourself for a fraction of the price.

See the kit
Scope — what €3,500 buys, and the limits

Limits — additional activities in blocks of 10 at +€600; one lead-authority context. Not included — DPIA drafting for specific processing (quoted separately), DPO service.

After the report you’re not on your own — execute it yourself with the GDPR Kit, hand remediation to the Enterprise tier, or keep it current with Fractional support.

The GDPR menu

Wherever you are with GDPR, here’s what fits.

Pick the one that matches where you are — each stands alone, buy in any order or on its own. Your team does the work with our templates; that’s why this costs a fraction of a consultancy.

Check yourself — free
GDPR Readiness ScorecardA dynamic read across your bases and transfers in minutes.Open ›
Get assessedyou’re here
GDPR Gap Assessment · €3,500Nine domains scored, gaps rated, a prioritised roadmap.On this page
Get the documents
GDPR Readiness Kit · €690The full policy, notice, DPA and register set — deployable.Open ›
Get it done, keep it current
Enterprise · Fractional · Founder on CallHands-on remediation, ongoing upkeep, or a briefing call.Open ›
A specific DPA on the table?
Expert Contract ReviewSenior review and negotiation of the contract in front of you.Open ›
Questions

Before you book.

Do you need access to our systems?

We need context and limited access to the right people and documents — confirmed in writing as part of scope before any work starts. We don’t need production data.

How long does it take?

About a week from when access and scope are confirmed. Standard covers one entity and up to ~20 processing activities.

Is this restricted legal advice?

No. This is a fixed-scope commercial compliance assessment — structured information and expert analysis of your posture — not legal advice, a formal legal opinion, or representation before a regulator. It’s run by a senior practitioner; no lawyer–client relationship or privilege is created, and Xprofesso LLC is not a law firm.

What we’ll do: assess your setup against the GDPR framework, score it, and hand you a prioritised, fix-first roadmap plus the templates to close the gaps — where you stand, and what to do next.

What we won’t: draft DPIAs for specific processing (quoted separately), act as your DPO, act for you before a supervisory authority or regulator, or give an opinion on whether a measure is legally sufficient under a specific law. Where you need a regulated professional, we say so and point you to a licensed lawyer.

What if I’m not happy with it?

Money-back guarantee — if you’re not happy with what you receive, you don’t pay.

Pass the security review instead of stalling on it.