GDPR Compliance
for Digital Companies

Are you fully GDPR Compliant?


The General Data Protection Regulation (GDPR) is central to data privacy laws, and failure to comply could cost your company millions.

Being GDPR-ready is not a one-time project; it’s an ongoing approach to your business.

What you will need to be fully compliant:

 Security Policy Document

 DPIA (Data Protection Impact Assessment)

 Responsibility Matrix for Data 

 Vendors & Employees Policies

 External Data Owners Policy

Data Breach Procedure

GDPR Compliant Terms & Conditions

Verify & Name a DPO (Data Protection Officer)

Contact us to become GDPR Compliant

Generating a Policy online is not enough to be GDPR Compliant

There are millions of tools online that could help you to generate a Privacy Policy but that is not enough to be compliant.
Discover what you are missing to be fully compliant and operate within EU borders.

GDPR Compliant

A quick test to help you understand your level of Compliance.

Every Asset you will need to Become GDPR Compliant

A simple Privacy Policy is not enough. Everything you need to become GDPR Compliant.


Security Policy Document

The main document that describes which processes and actions the Company will undertake to be compliant with GDPR. If this document is properly prepared, it allows the Company to conform to the principle of Accountability (aka “Diligence of the owner”).


DPIA (Data Protection Impact Assessment)

This document describes and defines risks and actions to be taken under specific circumstances, from Marketing communications to Data Breach.



Employees & Vendors Data Processing Policy

The Employees & Vendors Data Processing Policy is a document that should be shared with both Employees and Vendors before they start to process and manage Personal Data. It can be provided directly (e.g. via email) or made available for download within the app or website.


Data Breach Policy

Each GDPR Compliant Entity shall have a specific register that Authorities can access to see potential data breaches and the actions undertaken to mitigate or reduce the impact of the problem.


Processor of Personal Data Treatment

If the Company provides information to third parties (e.g. Analytics), it is mandatory to prepare all the necessary documentation and processes to be sure the right actor can guarantee responsibility for processing each piece of data.

DPO (Data Protection Officer)

A main point of GDPR, and one that is often misunderstood.
It is a necessary role: an expert in data protection and processing who collaborates with the company and is, at the same time, the contact point for the Government in case of an audit. This is a mandatory figure that shall be appointed by the company and that we provide as part of our service.

How can we help?

IT Services and Lawyer Services, combined. A 360° Solution for your business



Assessment & Audit

Our Team of Lawyers specialized in GDPR and Privacy will help you assess your situation from a regulatory perspective and provide all the documentation you will need.

Technical Project Management

Our Team of Technical Project Managers will help you understand and bridge the gap between legal requirements and technical needs, and help you assess, plan and execute everything you will need to be compliant.


Regulatory Compliance

Our Team of Lawyers will help you prepare all the necessary documentation (Privacy Policy, Terms and Conditions), tailored to your needs.


DPO & Ongoing support

GDPR compliance is not a one-time process; it needs ongoing support. With an appointed, outsourced DPO we can provide an Enterprise Class level of service for your needs.


Full European Coverage

With our services you will be covered across the entire European Union, no matter where you do business.

About LucianoCastro

LucianoCastro is a Project Management and Product Management Firm specialized in Digital Projects. With over 2000 projects completed in 10 years and 15+ Senior Project Managers and Product Managers, we work with Agile, Scrum, Lean and Waterfall methodologies.

About FW Law

FF Law is an Italian Law Firm specialized in GDPR Compliance and Privacy. With over 15 years of experience and a multidisciplinary team, we provide a 360° coverage on every matter relating to privacy, GDPR and compliance.

Our Methodology

Starting with a first assessment, our team of Product Managers and Project Managers will help you understand your current situation and your needs. Our team of lawyers will guide you through all your needs and requirements to become compliant.

Is my Website, App or Service covered in the whole Europe?

Our service provides not only every document you need to be fully covered in every country in Europe; through our DPO, we will also be your contact point in Europe for every matter regarding GDPR and Privacy.


Chosen by over 300 companies in Europe and US


“That was smooth!
I thought becoming GDPR compliant would be a painful process but I managed to have all our websites fully compliant in time for our peak of sales.”

John S.

“Everything covered. I received not only the documentation but they managed, with my team, to implement it along the process and prepare everything in the right place.”

Sabrina M.

 European GDPR Compliance

  GDPR for Digital Companies is the simplest, most practical and safest way to become compliant.

IT Consultancy & Setup

No idea how to change and what to change?
Give us a call and we will assess your current situation to help you find the right vendor or guide your team through the compliance process.


PRINCE2®, MSP®, P3O®, ITIL®, M_o_R®, MoV®, P3M3®, PRINCE Agile® and MoP®
are registered trademarks of AXELOS Limited. All rights reserved.

PMBoK® and PMP® are owned by the Project Management Institute.