Article 30Article 5(1)(f)

Data Discovery & PII Mapping

Automated discovery of all personal data across databases, cloud storage, and SaaS tools — delivered as an Article 30 Records of Processing Activities (RoPA) data map.

€1,100–€1,800

EUR

24–40

hours

7–10

business days

Fixed scopeEU-nativeNDA pre-signed

💡Quick Answer

Automated discovery of personal data across all your data stores: databases, S3/GCS, SaaS integrations, and logs. Delivered as a structured PII inventory and Article 30 RoPA data map within 7–10 business days. Fixed price €1,100–1,800.

📋Why this service exists

Article 30 requires a Register of Processing Activities documenting where personal data lives, who processes it, and for what purpose. Most organizations discover they have PII in unexpected places — this service finds them all.

Article 30Article 5(1)(f)

What you get

Complete PII inventory (data type, location, sensitivity)
Article 30 RoPA structured data map
Data flow diagram (who sends what where)
Classification by sensitivity (standard / special category)
List of orphaned/stale PII data stores
Recommendations report

How we deliver

Day 0
You request quote → reply in 4 business hours
Day 1–2
Discovery call & scope clarification
Day 3–5
Contract signed, kickoff scheduled
Day 5–7
Implementation begins
Day N
Final deliverables + walkthrough call
+30 days
Free post-delivery support

Tools & technologies

AWS MacieGCP DLPClover DXcustom Postgres scripts

Prerequisites

Read access to database schemas (not data)
List of SaaS tools that receive personal data
Cloud console read-only access

Pricing

Base scope€1,100–€1,800

Estimated hours24–40h

Hourly rate€45/h

Delivery time7–10 business days

✓ Within scope:

•Up to 5 databases (PostgreSQL, MySQL, MongoDB, etc.)
•AWS S3 or GCP Cloud Storage (one bucket namespace)
•Up to 10 SaaS integrations

⚠ Outside scope (additional quote required):

•More than 5 databases (additional quote per cluster)
•On-premises legacy databases without API access
•Legal review of the RoPA document

📋Final price confirmed in proposal within 4 hours of your request.

Realistic timeline — what to expect

T+0hSubmit request
T+4hInitial proposal (business hours)
T+1–3dDiscovery call
T+2–3dFinal invoice
T+3–5dContract signed
T+4–6dPayment received
T+5–7dService kickoff
T+5–7d+NService complete

This timeline reflects EU B2B best practices. We protect both parties from misunderstandings.

Frequently asked questions

Do you read the actual personal data?

No. We discover PII by analyzing schema structure, column names, and metadata patterns. We never need to read actual personal records.

What if we use many microservices?

We map the data flows between services. Each microservice database counts toward the database limit — if you have more than 5, we quote per additional cluster.

Does this produce a GDPR-ready Article 30 register?

Yes. The output is structured to meet Article 30 requirements. It still requires legal review to add purposes, legal bases, and retention periods — that's outside our engineering scope.

Related services

🔍

GDPR Technical Gap Assessment

2–3 week engineering audit of your infrastructure against GDPR Article 32. 20-page executive report with prioritized findings and 90-day remediation roadmap.

€1,800–2,700

🏗️

Data Retention Automation (Article 5(1)(e))

Implement automated data retention policies: automatically delete or archive personal data when the retention period expires, across databases, file storage, and logs.

€1,800–3,600

🛡️

Right to Erasure Automation (Article 17)

Build an automated pipeline that finds and erases all personal data for a given data subject across all systems within 30 days of request.

€3,600–5,400

Request a quote

You're requesting a quote for:

Data Discovery & PII Mapping

Estimated: €1,100–1,800 · 7–10 business days

Initial proposal within 4 business hours, contract within 3 business days.

Your name *

Work email *

Where we'll send your proposal and invoice.

Company name *

Country (where company is registered) *

Company size *

When do you need this? *

Do you have a Data Protection Officer (DPO)?

Anything we should know about your situation? (optional)

Phone (optional)

If you prefer to discuss by call.

I agree to the processing of my data per Web Direct's Privacy Policy. *

🔒 Your data is encrypted in transit and at rest. Never shared with third parties.

⏱ Initial proposal within 4 business hours (EU hours, Mon–Fri 9:00–18:00 EET).

💼 Mutual NDA available on request before any sensitive discussion.