HOME/CASE STUDIES

SELECTED ENGAGEMENTS

Cases on the record.

Each entry below is one engagement: what we did, how long it took, what it produced. Anonymised by default. Named on client approval.

ON THIS PAGESIX ENGAGEMENTS

15DORA across 11 ICT functionsBanking & FS
14GDPR programme, special-category dataFEATUREDPharmaceutical
13AI Act classification, 7 modelsEnterprise SaaS
11Post-Schrems II transfer assessmentsRetail group
10NIS2 essential-entity programmeEnergy operator
06AML/CFT remediation, thematic reviewLicensed PSP

REGULATIONS · GDPR · NIS2 · AI ACT · DORA · AML

01 / FEATURED

PHARMACEUTICAL · 4,000 EMPLOYEES · CEE+DACH

Audit-ready GDPR programme stood up in four months.

Eleven priority gaps. Six-month clock. We took the DPO function on day one, rebuilt the programme around special-category data, and delivered a clean response pack in four months.

OUTCOMES● VERIFIED

Audit findings

on supervisory authority review

Time to audit-ready

against 6-month deadline

4 mo

Fines avoided (modelled)

EDPB methodology

€3.2M

DSAR cycle time

from 24 d at programme start

7 d

Vendors remediated

Article 28 DPAs

63 / 63

SCOPE

GDPR programme · DPIAs · Vendor risk · Cross-border transfers · DPO-as-a-Service · Authority liaison

LEAD

Ivana Šarić

DURATION

4 months · 7 practitioners

Read the full case10 MIN →

02 / OTHERS

Other engagements.

FIVE ON FILE

CASE 15Regional bank

DORA implementation across 11 ICT functions, on schedule.

ICT functions · 6 mo

DORA · NIS2 alignment · Incident reporting→

CASE 13Enterprise SaaS

AI Act classification of 7 production models, kept the Q2 release.

Models · 12 wk to ship

AI Act · GDPR · Annex IV→

CASE 11Retail group

Post-Schrems II transfer assessments across the vendor estate.

TIAs · 92% remediation

Art. 46 · TIA · SCCs→

CASE 10Energy operator

NIS2 essential-entity programme passed authority review.

Conditions imposed

NIS2 · Incident SOP · Supply chain→

CASE 06Licensed PSP

AML/CFT remediation closed all twelve actions from a thematic review.

12 / 12

Actions closed · 5 mo

AML · CFT · Sanctions · CDD→

03 / HOW WE PUBLISH

What we publish, what we keep confidential.

NDA-first

Every engagement starts under mutual NDA. Cases publish only with written client approval.

Anonymised by default

Sector, scale, jurisdiction, outcome. Names appear only when the client wants the credit.

References on request

Named references after engagement letter is signed and the reference client consents to the introduction.

04 / GET STARTED

Same shape, your problem.

Senior partner on the call. Scoped engagement letter inside two weeks of the first conversation.