What we do
Compliance that points at work
Most compliance deliverables are a template filled in for show: correct on paper, disconnected from how the business actually handles data. We go the other way. We map your real processes, data flows and use cases, hold them against the obligations that actually apply to you, and deliver a risk register you can work from. It tells you which gaps are urgent and which can wait.
CAP 01
GDPR and Norwegian data law
Privacy mapped to how you actually collect, store and share data, concrete to your business.
- Data flows and lawful basis mapped out
- Processor agreements and transfers out of the EEA
- Privacy by design and data minimization assessed
- Documentation you can show a supervisory authority
CAP 02
NIS2 and the EU AI Act
The new regimes translated into what they concretely require of your systems and use cases.
- NIS2 readiness where the directive applies to you
- EU AI Act obligations by risk class
- Governance, logging and incident-handling requirements
- Classification of AI use you already run
CAP 03
A risk register you can use
The findings pulled into one usable register, prioritized so it points at the next action.
- Gaps ranked by risk and urgency
- Actions tied to an owner and accountability
- Traceable status from open to closed
- Evidence ready for customer, investor and auditor