Service 03
A precise, scored assessment of your current privacy posture against every applicable US state law. You get a gap report, a risk score by category, and a prioritized remediation roadmap — delivered in two weeks.
What You Receive
The Privacy Gap Analysis is a bounded project with a clear start and a defined end. No open-ended retainer required. You get a precise, scored assessment of your current privacy posture against every applicable US state law — and a roadmap that tells you exactly what to do next.
The Gap Analysis is the right starting point if you know you have exposure but are not sure how much — or if you want a concrete recommendation before committing to an ongoing retainer.
Engagement Summary
Applicable Law Determination
A definitive list of which US state privacy laws apply to your business, based on your states served, revenue, consumer record volume, and data practices. No guessing — a clear answer.
Scored Gap Report
Every applicable law requirement mapped against your current state. Each gap scored by severity — Critical, High, Medium, or Low — so you always know where to focus first. Not a checklist. A decision tool.
Data Inventory Summary
A working map of what personal data you collect, where it lives, how it is used, and who has access to it. The foundation for every compliance decision you make going forward.
Vendor Exposure Summary
A review of your third-party tools and vendors against your DPA obligations. Flags missing agreements and identifies the highest-risk sub-processors in your stack.
Prioritized Remediation Roadmap
A sequenced 90-day action plan. Tells you exactly what to do, in what order, and why — calibrated to your actual risk level and internal capacity. Not a generic framework.
60-Minute Readout Session
A live walkthrough of findings with your leadership team. You leave with a clear picture of where you are, what it means, and what comes next. Questions answered in real time.
How It Works
Intake
A structured questionnaire covering your business model, data practices, vendor stack, and existing privacy measures. Takes about 45 minutes to complete.
Day 1–2
Analysis
Your current state benchmarked against every applicable law. Gaps are identified, categorized, and scored. Analysis is specific to your business — not generic.
Day 3–8
Report Delivery
Written gap report and remediation roadmap delivered. You receive it before the readout session so you can come prepared with questions.
Day 9–12
Readout Session
60-minute live walkthrough. We review findings together, answer questions, and agree on next steps — whether that's a retainer, project work, or internal execution.
Day 13–14
Who This Is For
Common Questions
How is this different from the free assessment on this website?
The free assessment is a self-reported screening tool that gives you a general sense of your risk tier. The Gap Analysis is a full engagement — I review your actual documents, vendor agreements, and data practices, then produce a scored report specific to your business. The deliverables are completely different.
What do I need to provide?
A completed intake questionnaire, your current privacy policy and any related documents, a list of your key vendors, and access to a brief interview. Most of the work happens on my end.
What happens after the Gap Analysis?
You receive a prioritized roadmap. You can execute it internally, hire us for project-based remediation work, or move into a retainer. There is no obligation to continue — the report stands on its own as a useful deliverable regardless of what comes next.
Can the Gap Analysis be used for investor due diligence?
Yes. The written report is structured to be readable and useful for investors, board members, and enterprise partners who want to understand your privacy posture. It is not a legal opinion, but it is a credible, documented assessment.
Book a free 30-minute discovery call and we will confirm this is the right starting point for your situation.