GDPR Compliance for Small Organizations
GDPR applies to you, but enterprise compliance solutions don’t fit your budget or size. You need practical, affordable guidance from someone who understands both the regulations and the technology.
The Challenge
Small organizations handling personal data face a difficult position:
- GDPR requirements are mandatory regardless of company size
- Enterprise compliance solutions cost more than your entire IT budget
- You lack dedicated legal or compliance staff
- You’re not sure if you’re compliant or exposed
- Maximum fines are significant (up to 4% of global turnover)
You need help right-sized for your reality.
What We Deliver
| Deliverable | Description |
|---|---|
| Data Mapping | What personal data you collect, where it’s stored, who accesses it |
| Privacy Policy Review | Audit and update notices for compliance and clarity |
| Gap Analysis | Where you’re falling short, prioritized by risk |
| Breach Response Plan | Documented procedures for incidents |
| Staff Training | Practical guidance for handling personal data safely |
| Documentation | ROPA, legitimate interest assessments, required records |
Engagement Options
| Package | Investment (NOK) | Best For |
|---|---|---|
| Quick-Check | 8,000 | Micro-business (<10 employees) |
| Compliance Assessment | 18,000-25,000 | Small business (10-25 employees) |
| Implementation Package | 35,000-50,000 | Professional services firms |
| Annual Review | 12,000-15,000 | Existing clients, ongoing compliance |
| Outsourced DPO | 5,000-10,000/month | Organizations requiring DPO function |
Why FTRCRP?
- Technical understanding. We know how data actually flows, not just legal checklists
- Right-sized. Solutions designed for small organizations, not scaled-down enterprise
- Affordable. No Big 4 overhead passed to you
- Educational. We build your capability, not dependency
The Outcome
After working with us, your organization will have:
- Clear understanding of your data processing activities
- Compliant privacy notices and policies
- Staff trained on handling personal data
- Documentation for regulatory inquiries
- Peace of mind about your compliance posture
Regulatory Context
- Datatilsynet priorities for 2025: AI, data sharing, municipal data processing
- E-Com Act (effective Jan 2025) adds tracking/consent requirements
- Maximum fines: EUR 20M or 4% global turnover, but proportionate enforcement for SMBs
- Honest effort at compliance goes a long way with regulators
Target Clients
- Small law firms (client confidentiality)
- Healthcare practices (patient data)
- Accounting firms (financial records)
- SMBs handling customer personal data
- Organizations with 5-50 employees
Do You Need a DPO?
Under GDPR, you need a Data Protection Officer if you:
- Are a public authority or body
- Have core activities that involve large-scale, systematic monitoring of individuals
- Have core activities that involve large-scale processing of special category data
Most small businesses don’t require a DPO. If you do, we offer outsourced/virtual DPO services as a more affordable alternative to hiring internally.
Ready to Get Started?
Free 30-minute consultation to assess your situation.
Email: HAL0zum@proton.me
FTRCRP | Ethics-first technology consulting
