privacy compliance

GDPR & DPA support

Privacy compliance that scales with your product — built for companies with EU customers, not EU regulators. Legal counsel for supervisory authority inquiries is client-arranged and client-paid.

GDPR built for companies scaling into Europe

Most GDPR resources are written for companies with large EU operations and dedicated legal teams. We build practical privacy programs for SaaS companies entering EU markets — data mapping, DSAR workflows, sub-processor management, and breach notification procedures that work in practice.

Important: Legal counsel for supervisory authority inquiries, DPA negotiations, and breach notification letters is client-arranged and client-paid. ISPH provides compliance program management — not legal representation.

Pricing tiers

Launch
$4,500–$7,000
one-time · 22–38 hrs · 3–5 weeks
Overage: $185/hr · Legal counsel for DPA review separate
  • GDPR applicability assessment and gap analysis
  • Record of Processing Activities (RoPA) — initial build
  • Standard Data Processing Agreement (DPA) template
  • Core GDPR policies (Privacy Notice, Data Retention, DSR Procedure)
  • Data breach notification process and templates
  • GRC platform GDPR control mapping

Growth · Most popular
$8,500–$16,000
one-time · 45–85 hrs · 5–8 weeks
Overage: $195/hr · 60-day post-delivery support · Legal counsel separate
  • Everything in Launch, plus:
  • Full GDPR privacy program (all required policies and procedures)
  • Sub-processor registry build and notification process
  • Data Protection Impact Assessment (DPIA) template and process
  • DPA negotiation support (legal counsel separate)
  • SCCs and transfer mechanism documentation (EU-US data transfers)
  • Data subject request (DSR) workflow and response templates
  • GDPR + SOC 2 control harmonization

Scale
$16,000–$36,000+
one-time + retainer option · 90–170 hrs · 6–10 weeks initial
Overage: $225/hr · Legal counsel for supervisory authority inquiries separate
  • Everything in Growth, plus:
  • Multi-jurisdiction privacy program (GDPR + UK GDPR + CCPA/CPRA alignment)
  • Binding Corporate Rules (BCR) readiness assessment
  • Supervisory authority inquiry response preparation (legal counsel separate)
  • Annual RoPA refresh and gap assessment
  • Executive and board privacy risk reporting
  • GDPR + HIPAA dual compliance (for health data across jurisdictions)

GDPR + SOC 2 bundle

  • European enterprise buyers increasingly require both GDPR and SOC 2
  • Control overlap reduces the combined cost versus two separate engagements

We scope the bundle at the kickoff call.