I check if your system actually matches your compliance claims.
Based on real-world audits of complex systems.
But your actual system behavior often does not match.
That gap creates risk. Regulators don't fine you for missing paperwork. They fine you for what your systems actually do — and the paper trail that proved you knew.
Know where you're at risk within days — not months.
A focused, one-time review of a specific system, feature, cookie setup, or AI use case.
You get a clear picture of where documentation and implementation diverge —
and what to do about it.
Stay compliant as your product evolves.
A recurring session each month to review progress, answer questions, track regulatory
changes, and define concrete next steps — without building an internal compliance function.
Turn compliance into working system behavior.
For companies that need more than a review. I work alongside your team to turn
compliance requirements into real system changes — from technical specifications
through to verified implementation.
Every case below is a real example. The companies thought they were compliant. Their systems told a different story.
A cookie was classified as "functional" in the consent interface. Technical analysis showed it was used for cross-session user tracking — requiring explicit consent that was never collected.
Cookie auditThe IAB Transparency & Consent Framework was correctly integrated at the banner level. But consent signals weren't propagating to all downstream vendors — meaning third parties were firing without valid consent.
Consent frameworkTwo business entities were jointly processing personal data. Each assumed the other held controller responsibility. Neither had documented or agreed on a joint-controllership arrangement.
Data governanceInternal systems were processing personal data — names, emails, behavioural records — that had never been mapped to a legal basis in the Record of Processing Activities.
ROPA / Legal basisA vendor onboarding process collected personal data from contacts before a Data Processing Agreement had been signed — creating a compliance exposure window at the point of first contact.
Vendor managementBook a free 30-minute call. No pitch — just an honest look at your current situation. I'll tell you what I see and whether I can help.