GDPR & AI Act Audit

The problem

Most websites are non-compliant and don't even know it: a decorative cookie banner, a form with no clear legal basis, a copy-pasted privacy policy, AI tools sending personal data without you realizing. It works — until it doesn't.

For us, the GDPR & AI Act audit is not a checkbox service. Behind it sits real legal training — a law degree, a master's in International Law and European Union Law, a second master's in Law and Artificial Intelligence in progress, and articles published in specialized law journals. GDPR and the AI Act are, quite literally, European Union law.

What we check

The contact form: what data you collect, legal basis, consent
Cookie banner and real consent (not just decorative)
The privacy policy and terms, against what you actually do
Personal data flows and where they go (processors, transfers)
Your AI tool usage relative to client data — under the AI Act
A practical compliance report, with fixes prioritized by risk
Concrete recommended texts and changes for your documents

How we work

We review

We go through forms, cookies, documents and data flows.

1–2 days

We assess

We map against GDPR and the AI Act and surface the real, prioritized risks.

1–3 days

We remediate

You get the action list and recommended texts. You apply them, or we do.

3–7 days total

Pricing

The price depends on the complexity of your data flows. We give you a fixed price after the first conversation. Excludes VAT, where applicable.

GDPR / AI Act Audit

500–1,500 EUR

3–7 working days

Important: this audit is compliance consulting, not legal advice within the meaning of bar regulations, and creates no attorney–client relationship. For formal legal opinions or representation, we point you to a lawyer.

Frequent questions

Is this the same as legal advice from a lawyer?

No. It's practical compliance consulting — we check technically and organizationally where you're exposed and how to fix it. It's not legal advice within the meaning of bar law and creates no attorney–client relationship. For formal opinions or representation, see a lawyer.

Why is the law master's relevant here?

Because GDPR and the AI Act are literally European Union law. Real legal training (plus articles published in specialized law journals) means we understand the norm, not just tick a generic checklist.

What about the AI Act, does it concern me?

If you use AI tools that touch personal data or make decisions about people, yes. We check how you use AI relative to client data and what obligations apply — a layer few cover yet.

What exactly do I get?

A practical compliance report, with prioritized risks and remediation steps, plus the recommended texts or changes for your documents. Actionable immediately.

Tell us what you need. We reply within 24h.

Send a few details and we will tell you quickly whether your project fits a fixed package or needs a custom quote. The first conversation is free.

Get in touch