From First Engagement to
Board-Ready in 24 Weeks
Four phases. A structured timeline. A defensible legal artefact at every stage. This is not an open-ended consulting engagement. It is a defined implementation with clear deliverables and measurable outcomes.
Before building anything, the organisation needs to know exactly where it stands — not approximately, but precisely. This phase establishes the factual baseline.
Deliverables
- Comprehensive data flow mapping across every business unit, vendor, and processor
- Statutory obligation inventory — every DPDPA provision mapped to your specific operations
- Consent landscape audit — current state of consent capture, evidence, and withdrawal mechanisms
- Cross-border transfer exposure analysis under Section 16
- Children’s data processing assessment under Section 9
- Current-state Vibe Pulse Score (VPS) baseline measurement
- Stakeholder interviews across legal, IT, HR, marketing, and leadership functions
- Third-party and sub-processor data sharing inventory
Key Artefact
Exposure Assessment Report — a Board-presentable document that becomes your compliance baseline.
In Practice
This phase is thorough by design. Most organisations discover that what they believed was compliant is actually a collection of assumptions held together by a privacy policy and a cookie banner that were never properly configured. The Exposure Assessment maps, measures, and presents the factual position without assumptions.
Frequently Asked Questions
Begin the Process
The first conversation is confidential. No templates. No generic proposals. A practitioner\u2019s assessment of exactly where your organisation stands.
Request Assessment