Article 32 · Article 5(2)

GDPR Technical Gap Assessment

2–3 week engineering audit of your infrastructure against GDPR Article 32. 20-page executive report with prioritized findings and 90-day remediation roadmap.

€1,800–€2,700 EUR
40–60 hours
10–14 business days
Fixed scope · EU-native · NDA pre-signed

💡 Quick Answer

Web Direct's GDPR Technical Gap Assessment is a 2–3 week engineering audit of your infrastructure against the 14 technical requirements of GDPR Article 32. Senior engineers review your stack, deliver a 20-page executive PDF report with prioritized findings, and provide a 90-day remediation roadmap with budget estimates. Fixed price €1,800–2,700.

📋 Why this service exists

GDPR Article 32 requires organizations to implement appropriate technical measures. Without a gap assessment, you cannot know which measures are missing — making this service the essential first step of any compliance programme.

What you get

  • 20-page executive PDF report
  • Prioritized findings by GDPR article
  • 90-day remediation roadmap with budget estimates
  • Risk register (high/medium/low)
  • Live walkthrough call (1h) with your team
  • 30-day Q&A support post-delivery

How we deliver

  1. Day 0
    You request quote → reply in 4 business hours
  2. Day 1–2
    Discovery call & scope clarification
  3. Day 3–5
    Contract signed, kickoff scheduled
  4. Day 5–7
    Implementation begins
  5. Day N
    Final deliverables + walkthrough call
  6. +30 days
    Free post-delivery support

Tools & technologies

Nmap, OpenVAS, OWASP ZAP, AWS Security Hub, custom scripts

Prerequisites

  • Read-only access to infrastructure (AWS/GCP console or Terraform state)
  • Architecture diagram or description
  • List of third-party processors (SaaS tools used)

Pricing

Base scope: €1,800–€2,700
Estimated hours: 40–60h
Hourly rate: €45/h
Delivery time: 10–14 business days

Within scope:

  • Infrastructure review (AWS/GCP/on-prem)
  • Single PostgreSQL/MySQL/MongoDB cluster
  • Application-level PII handling review
  • Third-party integrations (up to 10 vendors)

Outside scope (additional quote required):

  • Remediation implementation (separate service)
  • Policy/legal document review (lawyers' scope)
  • More than 3 separate environments

📋 Final price confirmed in proposal within 4 hours of your request.

Realistic timeline — what to expect

  1. T+0h: Submit request
  2. T+4h: Initial proposal (business hours)
  3. T+1–3d: Discovery call
  4. T+2–3d: Final invoice
  5. T+3–5d: Contract signed
  6. T+4–6d: Payment received
  7. T+5–7d: Service kickoff
  8. T+5–7d+N: Service complete

This timeline reflects EU B2B best practices. We protect both parties from misunderstandings.

Frequently asked questions

How is this different from a legal GDPR audit?
We audit the technical systems: encryption, access controls, logging, backup, breach detection. Legal audits cover policies and contracts. Both are needed — we cover the engineering side.
Do you need production access?
Read-only access only. We never need write access or credentials to production databases. We review configuration, architecture diagrams, and infrastructure-as-code.
What format is the report?
20-page PDF with executive summary, technical findings per GDPR article, risk levels, and a prioritized remediation roadmap. Delivered in your preferred language (EN/RO/RU).
Can this help us prepare for a DPA inspection?
Yes. The report documents your current state and remediation plan — demonstrating accountability (Article 5(2)). Regulators look favorably on organizations that proactively identify and fix gaps.
What if we already have some controls in place?
We assess what exists and identify gaps. If controls are adequate, we document them. The report reflects reality — not a sales pitch.

Request a quote

You're requesting a quote for:

GDPR Technical Gap Assessment

Estimated: €1,800–2,700 · 10–14 business days

Initial proposal within 4 business hours, contract within 3 business days.

🔒 Your data is encrypted in transit and at rest. Never shared with third parties.

Initial proposal within 4 business hours (EU hours, Mon–Fri 9:00–18:00 EET).

💼 Mutual NDA available on request before any sensitive discussion.