Do you have any questions about what’s missing?
There are already scattered policies, procedures or measures in place, but there is no clear picture of what is missing or what the priorities are.
Rapid diagnosis • Portugal • SMEs and growing organisations
A practical diagnosis of the current situation, a gap analysis and an actionable roadmap to mitigate risk, prioritise actions and prepare evidence of compliance without creating an excessive administrative burden.
We’ll get back to you within 24 working hours. No obligation.
You need to quickly confirm your GDPR compliance status, prioritise tasks and translate obligations into actionable steps for management, operations, marketing, HR and IT.
There are already scattered policies, procedures or measures in place, but there is no clear picture of what is missing or what the priorities are.
You need to address the most significant gaps first: data subject requests, incidents, data retention, contracts, consent or legal bases.
You want to demonstrate internal control to clients, partners, auditors, due diligence teams or in the context of wider implementation projects.
Ideal for management, compliance, legal, HR, marketing, IT and security teams that need to verify their obligations, organise data processing and draw up a realistic action plan.
An objective reading of the current situation, the scope of the diagnosis, the areas involved, the key systems/processes and the initial priorities.
Identification of priority processing operations, data categories, data subjects, purposes, main data flows and available evidence.
Initial review of legal frameworks, information sheets, consent forms, information provided to data subjects, and consistency between operational practice and documentation.
Analysis of retention rules, data over-retention, retention criteria, deletion/anonymisation and opportunities for simplification.
Verification of controls over suppliers, data processors, data sharing arrangements, sub-processors and risks associated with cloud services and data transfers.
Readiness to manage data subjects’ rights, assess high-risk situations, respond to incidents and escalate decisions appropriately.
Quick wins with stakeholders, priorities and critical actions to reduce risk and establish a more consistent compliance framework.
A realistic process covering implementation, document review, governance, training and continuous improvement, without excessive bureaucracy.
List of documents and evidence you should prioritise: RoPA, privacy policy, data retention, DSAR workflow, incidents, DPIA and third parties.
A simple, step-by-step process focused on practical deliverables — with a focus on what needs to be decided and implemented.
Instead of a generic list of obligations, you’ll receive a practical reading of your situation and a realistic plan of action to take control.
The simpler and quicker the start-up, the better. High-level information is all that is needed to begin the diagnosis.
Quick answers to the most common questions before you continue.
Typically 5 working days after the initial call and receipt of the minimum required evidence.
No. It is an actionable assessment that identifies gaps, priorities and a roadmap. It can subsequently serve as the basis for an implementation project, a review of documentation or a more formal audit.
Yes. The model has been designed for organisations that need clarity and rapid progress, without turning the GDPR into a cumbersome project from day one.
Yes. iPrivacy can support the implementation of the plan, policy reviews, record-keeping, privacy governance, DPOaaS, training and continuous improvement.
You can also book a 30-minute call directly so we can assess your situation and explain how the diagnosis works.
Book via Calendly (inline)
Please select the best time below for a 30-minute call.