Compliance

Compliance & regulatory affairs

Compliance is not a checkbox.
It is a strategic position.

I help organisations take control of the regulatory landscape — translating complex European legislation into concrete, manageable obligations and embedding compliance structurally across your organisation.

Frameworks I work with

How I support you per regulation

European regulation is stacking up. I help your organisation understand exactly what applies, what is missing and what needs to happen — framework by framework.

GDPR

Data protection

I guide your organisation from baseline assessment to demonstrable compliance — covering gap analysis, records of processing, privacy by design and employee awareness.

  • GDPR gap analysis and risk assessment
  • Record of processing activities (RoPA)
  • Privacy policy, data processing agreements (DPAs) and cookie compliance
  • Privacy by Design in processes and systems

NIS2

Cybersecurity

NIS2 places direct responsibility on management for cybersecurity measures. I help determine scope, set up incident response procedures and build the governance structures required.

  • Scope determination and registration
  • Risk analysis and security measures
  • Incident response and reporting procedures
  • Supply chain security and vendor management

EU AI Act

Artificial intelligence

I help classify the risk level of your AI applications and translate that into the right obligations — from documentation and transparency to governance and oversight structures.

  • AI inventory and risk classification
  • Conformity assessments for high-risk AI systems
  • Technical documentation and transparency obligations
  • AI governance policy and internal oversight

CSRD & EU Taxonomy

Sustainability reporting

I help structure your sustainability reporting — from double materiality analysis and EU taxonomy screening to data collection and preparation for external verification.

  • CSRD scope and reporting obligations
  • Double materiality analysis (ESRS)
  • EU taxonomy screening and alignment
  • Data collection, gap analysis and reporting structure

DORA

Digital resilience (financial sector)

For financial institutions and ICT service providers, I set up a DORA-compliant programme covering ICT risk management, incident reporting, resilience testing and third-party oversight.

  • ICT risk management framework
  • Incident classification and reporting processes
  • Digital resilience testing programme
  • Third-party risk and contract management

CBAM & EUDR

Supply chain & trade

I help organisations map their CBAM and EUDR obligations, set up due diligence systems and build the supply chain transparency required for reporting and market access.

  • CBAM scope analysis and declaration obligations
  • EUDR due diligence system
  • Supplier data collection and chain transparency
  • Process and system adaptation for reporting

My approach

From inventory to embedding

I work pragmatically and with an organisational focus — no generic checklists, but an approach that fits your sector, scale and risk appetite.

Step 1

Inventory

Map which laws apply to your organisation and prioritise based on risk and impact.

Step 2

Assessment

A thorough gap analysis to understand where you stand today and what the distance to full compliance is.

Step 3

Implementation

Policies, processes and controls are set up or adjusted. Responsibilities are clearly assigned.

Step 4

Monitoring & embedding

Ongoing monitoring, periodic audits and timely adjustment when legislation changes.

Let’s talk

Take control of your compliance — I am here to help.

Whether you need a compliance scan, framework implementation or structural support — I think alongside you pragmatically and strategically.