GDPR compliance is not a one-time project — it is a continuous programme. Our Readiness Roadmap gives you a structured, phased path from your current posture to demonstrable, audit-ready compliance. Every milestone is mapped to specific GDPR articles so you know exactly what you are building toward.
Phase 1 — Baseline & Discovery (Days 1–30)
Goal: Understand what data you hold, where it goes, and what your legal obligations are.
- GDPR Readiness Assessment — structured questionnaire across all five obligation domains
- Data mapping workshop — identify all personal data flows, storage locations, and processors
- Lawful basis audit — confirm or establish a legal basis for every processing activity
- Gap analysis report — prioritised list of non-conformities mapped to GDPR articles
- Record of Processing Activities (RoPA) — Article 30 compliant, ready for regulatory review
Phase 2 — Remediation & Controls (Days 31–60)
Goal: Close the highest-risk gaps and build the foundational compliance infrastructure.
- Privacy Notice and internal policy drafting (Articles 13, 14, 24)
- Data Processing Agreements with all sub-processors (Article 28)
- Cookie consent implementation review and remediation
- Data Subject Rights workflow — access, erasure, portability, and objection handling procedures
- Breach response procedure — detection, assessment, notification, and documentation (Articles 33–34)
- Staff awareness training on GDPR obligations
Phase 3 — Operationalise & Sustain (Days 61–90)
Goal: Embed GDPR into business-as-usual operations and establish ongoing governance.
- DPIA process — screening criteria, templates, and approval workflow for new projects
- Vendor management programme — ongoing due diligence and DPA lifecycle management
- International transfer compliance — SCCs, Transfer Impact Assessments, adequacy decisions
- Compliance calendar — scheduled reviews, training cycles, and policy refresh triggers
- Final readiness report — evidence pack structured for supervisory authority inquiry
What You Get at the End
- Documented RoPA covering all processing activities
- GDPR-compliant privacy notices and cookie consent
- Signed DPAs with every sub-processor
- Operational Data Subject Rights workflow with response templates
- Breach response runbook
- Staff training records
- Evidence pack in case of regulatory inquiry
Who This Is For
- Scale-ups and mid-market companies onboarding EU customers for the first time
- Companies that have received a regulator enquiry and need to demonstrate remediation
- Legal and compliance teams that need a structured programme rather than ad-hoc advice
- Founders and CTOs preparing for enterprise sales that require GDPR evidence
Ready to Begin?
Not sure where you stand? Take our free GDPR Readiness Scorecard — it takes 8–12 minutes and shows you exactly which phase of the roadmap to begin in.