Conducting, reviewing and integrating Data Protection Impact Assessments with audit-grade rigour and a certification-oriented approach.
Each service is designed to respond to your organisation's specific needs.
End-to-end assessment service. From initial screening through final documentation, including a detailed Data Protection Officer opinion. We adapt scope and depth to your specific processing typology — aligned with CNPD's 22 mandatory categories.
This is the most requested service by organisations needing a robust, defensible DPIA aligned with regulatory expectations. Includes ongoing consultation, alignment with your governance structure, and adaptation to your sector-specific context.
Medium to large organisations; regulated sectors (healthcare, finance, telecom); public entities; any high-risk operations.
4 to 8 weeks (depending on complexity).
Quality audit of existing DPIAs. Your assessments may be outdated against new CNPD and EDPB guidance, or contain methodological gaps. We conduct a complete audit and provide improvement recommendations.
Particularly relevant for organisations that conducted DPIAs internally or with previous consultants, and seek independent validation and regulatory update. Ideal for periodic review cycles required by GDPR.
Organisations with existing DPIAs; periodic compliance cycles; entities that have undergone significant changes.
2 to 4 weeks.
Joint GDPR + AI Act approach. For organisations using artificial intelligence systems, impact assessment cannot be fragmented. We conduct a coordinated analysis that meets both GDPR Article 35 (DPIA) and EU AI Act Article 27(4) (FRIA) simultaneously.
This service is a strategic differentiator: it avoids duplication, provides integrated risk visibility, and positions your organisation as compliant with emerging AI regulation. We coordinate cross-cutting analysis of systems, datasets and algorithms.
Organisations with AI/ML systems; profiling, fraud detection, predictive analytics applications; startups and fintechs; regulated sectors with AI.
6 to 10 weeks.
Outsourced Data Protection Officer. Not all organisations have the critical mass for a full-time internal DPO. We offer an outsourced Data Protection Officer, specialised in DPIA, functioning as a qualified extension of your team.
A continuous support service, available to audit operations, review documentation, provide opinions on new processing, and ensure permanent compliance. Learn more at DPO as a Service.
SMEs and startups without internal compliance structure; branches/subsidiaries without local compliance office; organisations scaling with agility.
Monthly subscription or annual packages, with scalable hours per request volume.
Reduced, accessible package for micro, small and medium enterprises. We understand SMEs face budget constraints. This service provides a defensible, regulatory-aligned DPIA optimised for less-complex operations.
We use validated templates, simplified methodology (without losing rigour), and focus on material risk areas for your specific business. Includes sector-tailored consultation (e-commerce, consulting, HR, etc.).
Micro, small and medium enterprises (up to ~250 employees); startups; third-sector entities; independent consultants; any budget-constrained organisation.
Significantly more accessible than full-scale services — inquire for details.
| Criterion | Full Delivery | Review | DPIA + FRIA | DPO as Service | DPIA for SMEs |
|---|---|---|---|---|---|
| Scope | Complete, from scratch | Existing DPIA | GDPR + AI Act | Continuous | Focused |
| Complexity | High | Medium | Very High | Variable | Low-Medium |
| Duration | 4–8 weeks | 2–4 weeks | 6–10 weeks | Continuous (monthly) | 2–3 weeks |
| Target Audience | Med./Large org. | Any size | Org. with AI | SME/Startup | SME/Startup |
| DPO Opinion | ✓ Complete | ✓ If needed | ✓ Integrated | ✓ Continuous | ✓ Summarised |
| Post Support | Limited | None | Limited | ✓ Unlimited | Guidance |
Before choosing a service, identify your exact processing typology. Visit the Common Types page to explore the 8 most frequent categories.
For more details about the outsourced Data Protection Officer service, visit the dedicated page.
Complement services with in-person or online training for your compliance team.
For organisations with AI systems, consult the specialised portal for AI Risk Impact Assessments.
Fill in the form and our team will contact you within 24 business hours.