GDPR Compliance

Practical GDPR compliance for your business - from assessing where you stand to implementing processes that actually work.


GDPR without the panic

GDPR doesn’t have to be a boogeyman. At its core, the regulation asks one simple thing: handle the personal data you process responsibly. We help you achieve GDPR compliance with processes your team will actually follow - not a stack of documents nobody reads.

How we work

We assess what you’re already doing

Before we create anything new, we take time to understand your current state. Many companies are already doing most things right without realizing it. We identify the gaps and prioritize them by real risk, not theoretical severity.

We implement GDPR processes that work

We don’t hand you template policies and walk away. We work with your team to build processes that fit the reality of your business.

We train your team

GDPR compliance isn’t just documentation - your people need to understand what it means in practice. We run training sessions people remember, because they’re concrete and connected to their everyday work.

GDPR and ISO 27001 - better together

If you already have or are planning ISO 27001 certification, a large part of the technical measures for GDPR are already covered. We help you integrate the two frameworks instead of duplicating effort. Our approach is always practical - one system that satisfies both sets of requirements.

Why work with us

Next step

Not sure how well your company meets GDPR requirements? Let’s talk - we’ll give you an honest assessment of what’s already in good shape and what genuinely needs improvement.


Frequently Asked Questions

Do we need a Data Protection Officer (DPO)?

It depends on your processing activities. Public bodies and companies that do large-scale systematic monitoring or process sensitive data at scale need a DPO. For many startups and small businesses, it’s not required - but having someone responsible for privacy is always a good idea.

What happens if we get a data subject access request?

You have 30 days to respond. We help you set up a clear process so these requests don’t cause panic - from verification and data gathering to a proper response. Most companies get very few, but you need to be ready.

How does GDPR relate to ISO 27001?

There’s significant overlap. ISO 27001 covers the technical and organizational security measures that GDPR requires. If you already have an ISMS, you’re well on your way. We integrate the two frameworks so you don’t duplicate effort.

What are the real penalties for non-compliance?

Fines can reach up to 4% of annual global turnover or 20 million euros, whichever is higher. In practice, regulators tend to focus on companies that show clear negligence. Demonstrating genuine effort toward compliance goes a long way.

How long does a GDPR compliance project take?

For a typical small to mid-sized company, expect 2 to 4 months for a thorough assessment and implementation of core processes. It’s not a one-time project, though - GDPR compliance is ongoing, and we help you build processes that sustain it.