privacy compliance

GDPR & DPA support

Privacy compliance that scales with your product — built for companies with EU customers, not EU regulators. Legal counsel for supervisory authority inquiries is client-arranged and client-paid.

GDPR built for companies scaling into Europe

Most GDPR resources are written for companies with large EU operations and dedicated legal teams. We build practical privacy programs for SaaS companies entering EU markets — data mapping, DSAR workflows, sub-processor management, and breach notification procedures that work in practice.

Important: Legal counsel for supervisory authority inquiries, DPA negotiations, and breach notification letters is client-arranged and client-paid. ISPH provides compliance program management — not legal representation.

Pricing tiers

Starter
$4,500–$6,500
one-time · 22–36 hrs · 3–5 weeks
Overage: $185/hr · Scope ceiling: single product, EU <20% revenue, no sub-processors
  • GDPR applicability assessment and gap analysis
  • Privacy notice and cookie policy (customer-facing)
  • Standard DPA template (controller-processor)
  • Data processing inventory starter (key processing activities)
  • Consent management recommendation
  • GDPR control mapping in GRC platform
Growth · Most popular
$8,500–$15,000
one-time · 45–75 hrs · 6–10 weeks
Overage: $195/hr · 60-day advisory support post-delivery
  • Everything in Starter
  • Records of Processing Activities (ROPA) — full build
  • Sub-processor list and management process
  • DSAR workflows (access, deletion, portability — 30-day response clock)
  • International data transfer mechanism review (SCCs, adequacy decisions)
  • Privacy by design checklist for product team
  • Data breach notification procedure (72-hour GDPR clock)
  • Staff GDPR awareness training (included)
Professional
$15,000–$24,000
one-time · 80–120 hrs · 8–14 weeks
Overage: $195/hr · 90-day advisory retainer
  • Everything in Growth
  • Data Protection Impact Assessment (DPIA) process + 1 DPIA conducted
  • Legitimate interests assessment (LIA) framework
  • Consent management platform selection and integration guidance
  • Sub-processor DPA negotiation support (legal counsel separate)
  • Cross-border transfer mechanism implementation
  • DPO designation support (internal or external)
  • SOC 2 + GDPR control alignment mapping
  • EU AI Act crosswalk (for AI/ML companies)
Enterprise · DPO-as-a-Service
$24,000–$42,000+
one-time + ongoing retainer · 125–180 hrs initial · ~6 hrs/month
Overage: $225/hr · Legal counsel for supervisory authority inquiries is separate
  • Everything in Professional
  • DPO-as-a-Service (fractional Data Protection Officer — named, direct client access)
  • Annual ROPA review and update
  • Supervisory authority inquiry response preparation (legal counsel separate)
  • GDPR regulatory change monitoring (monitoring included; rewrites = change order at $225/hr)
  • EU AI Act compliance alignment (if applicable)
  • Board-level privacy risk reporting

GDPR + SOC 2 bundle

European enterprise buyers increasingly require both GDPR and SOC 2.

Control overlap reduces the combined cost versus two separate engagements. We scope the bundle at the kickoff call.