Contact us

GDPR enforcement support

We can help you act with confidence in case of a GDPR enforcement action - both proactively to set up the necessary processes and templates for the future and provide direct advice and support in case of an impending enforcement action.

Proactive management of enforcement actions - soft audit

We can offer services to improve your organisation's audit readiness in a so-called soft audit. We review a selected business process and train your audit response team and at the same time evaluate your organisation's audit readiness.

The audit response team will receive real-life training in managing the lead supervisory authority's Desk Supervision and Field Inspection processes. We will evaluate the organisation's performance in written and oral form, with likely sanctions and commercial consequences. Our team will review and implement best practice in the form of an end-to-end process, complete with templates, checklist and presentation materials. Mitigate prioritized gaps from pre-study, soft audit and other known issues, suggesting specific measures to implement.

A soft audit is an efficient way to assess, evaluate and train your audit readiness and data compliance.

  • Soft Audit is carried out similar to an actual audit by the Swedish Supervisory Authority.
  • Having a desk survey (with a range of questions of processing) as well as a field inspection will provide a view of your organization’s compliance and areas of improvements.
  • Start by implementing/confirming organisation for the audit response team and basic instructions.
  • Field Inspection will be carried out with Partner, Information Security specialist and other suitable resources.
  • Additional materials to be submitted to Sharp Cookie Advisors for evaluation of compliance.
  • Evaluation will be presented at meetings and in writing as a written report.
  • The soft audit can be managed during 3-6 weeks (depending on the client’s resources & availability)

Business Model

Price example project – preparing a leading retailer for a potential inspection from the supervisory authority consisting of an internal review (a "soft audit"), including several workshops with preparation, conducting the legal and best practice analysis soft audit mimicking the actual processes used by the supervisory authorities, follow up meetings and report to management/DPO we offered a price estimate for our work in the range of SEK 120 - 190 kSEK (exclusive of VAT).

Active management of an enforcement action

Experienced, practical expert advice at your disposal to ensure an efficient and fair audit process. Let us help prepare your position and argue before the supervisory authority to provide your organisation with the best possible outcome. We are proactive, solution-driven and provide hands-on advice and support with great attention. We have extensive experience in leading several high-profile clients' enforcement actions vs the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY).

We can act as your advisor in real-life audit situations, supporting the DPO and audit response team:

  1. audit startup with analysis, planning, training, strategy
  2. during the audit with analysis, strategy, creating corrective measures
  3. post-audit with implementing corrective measures, drafting response to authority

Our in-house legal and quantitative analytics of GDPR sanctions provides a leading understanding of risks and possible financial sanctions.

Through the initial hands-on analysis of potential risk exposure, let us support you through the entire enforcement process from the initial legal analysis of the situation, determining of strategy for senior management, taking decisive actions to mitigate any risk exposure, preparing and addressing the Supervisory Authorities requests to advising on a suitable media strategy.

  • Rapid analysis of the areas for inspection to assess existing compliance level
  • Present solutions that mitigate prioritized risks and implement any measures if necessary
  • Corrective measures in the pre-audit phase are identified and implemented through workshops and presentations with DPO and the team.
  • Prepare/review materials and reply to the lead supervisory authority and train the audit response team.
  • Expert advisor at your side during the audit, early identification of concerns, misconceptions at the lead supervisory authority, management of confidentiality etc.
  • Post-audit analysis of the lead supervisory authority's protocol, advise on possible supplementary materials to the lead supervisory authority.
  • Analysis of the lead supervisory authority's decision, implementation of advice or possible appeal of the lead supervisory authority's decision
  • We can also check if you have coverage from your cybersecurity insurance.

Please take advantage of our expert advice regarding the supervisory authority's corrective powers and ensure you are taking the right measures at the right time to minimise the risk of a penalty fee.

Business Model

We offer our services based on our hourly rates and are open to providing volume-based pricing or retainer for longer assignments depending on your needs and preferences.


Let's get in touch

No obligations for the first contact; clear costs; confirmation before billing starts and often fixed prices.
Copyright © 2015-2023 All rights reserved Sharp Cookie Advisors AB
cross-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram