GDPR compliance without the headache.
Properly implemented cookie consent, policies written for your business (not copy-paste from another site), mapped data flows, short DPIA when needed. From RON 1,500. Delivery in 1–2 weeks.
Why real GDPR matters, not checkbox GDPR
Regulation 679/2016 (GDPR) has been in force since 2018, but most Romanian sites do only the visible minimum: a cookie banner with 'Accept all' that blocks nothing. ANSPDCP has issued fines of tens of thousands of EUR for exactly such schemes — not for missing banners, but for fake consent.
Real compliance means: (1) cookie consent that actually blocks tracking until acceptance (Google Analytics, Meta Pixel, Hotjar do not load without consent); (2) a privacy policy written from the real data flows of your site (what data you collect, from whom, for what purpose, with whom you share it, how long you keep it); (3) the rights to access, erasure and portability implemented in the admin panel; (4) a DPIA when processing sensitive data.
We deliver a complete kit adapted to your business, not a generic template. All documents are legally reviewed (we have a certified DPO partner) and updatable when flows change.
What you get
Everything you need to sleep peacefully if ANSPDCP calls tomorrow.
- Cookie consent banner (Klaro, Cookiebot, or custom) with real tracking blocking
- Granular configuration: essential, analytics, marketing, third-party — user picks per category
- Privacy policy written for your business (RO + optional EN)
- Cookie policy with exact listing of all cookies (name, purpose, duration, third party)
- Terms and conditions updated to 2026 legislation
- Data flow mapping: what comes in, what goes out, with whom we share (subprocessors)
- DPIA (Data Protection Impact Assessment) when processing sensitive data
- Right to access/erasure/portability implemented in admin panel
- Contact form for DPO requests + automatic notification
- Processing records register (mandatory for over 250 employees or for systematic processing)
- Staff guide: how to respond to GDPR requests, escalation path
- Optional annual audit for updates when business changes
Good fit if...
- You have a live site and process personal data (contact form, newsletter, orders, accounts)
- You use Google Analytics, Meta Pixel, Hotjar, or other tracking tools
- You have an online shop with payments and collect data for invoicing/delivery
- You sell in EU and need to demonstrate compliance at every audit
- You received an ANSPDCP complaint or learned a competitor was fined
Not a fit if...
- Your site is purely static, with no tracking and no contact form. Then you only need a minimal policy (we offer a RON 500 quick setup)
- You're looking for 'cheapest GDPR' at RON 300 — there are services selling templates, but they don't cover you at audit
- You want only the cookie banner without changing anything in code. In that case we recommend not working with us: compliance isn't solved with a banner
How it unfolds
Four stages, focused on really understanding your flows.
- 01 Audit (3-5 days): We inventory what data you collect, from where, with whom you share it, and how long you keep it. We identify active tracking tools.
- 02 Document writing (3-5 days): Privacy, cookie and T&C policies, written specifically for your business. Legal review included.
- 03 Technical implementation (3-5 days): Cookie consent with real blocking, granular opt-out, right to access/erasure in admin panel.
- 04 Training + handover (1-2 days): Live session with staff: how to respond to GDPR requests, how the panel works, escalation path.
Tools used
- Klaro (open-source, custom configured) or Cookiebot for consent management
- Google Tag Manager with Consent Mode v2
- Iubenda or TermsFeed for policies (when you want easy management)
- Posthog or Plausible as analytics alternatives without cookies
- Certified DPO partner for legal review
- ANSPDCP guidance updates monitored continuously
Indicative pricing
Varies with site complexity and data flow volume.
From RON 1,500 for a simple presentation site (cookie consent + policies + T&C). RON 2,500-3,500 for an online shop or platform with GDPR rights in the panel. DPIA add-on: +RON 1,000. Annual audit: RON 800. Quick 'minimum required' setup for a static site: RON 500.
Frequently asked questions
Is the Cookiebot banner at EUR 25/month enough?
For technical consent yes, the Cookiebot banner is good. But it must be configured correctly (blocks tracking until acceptance) and does NOT exempt you from a privacy policy written for your business. The banner is 20% of the GDPR kit.
Can I use a policy template found online?
Technically yes, but it is risky. The policy must describe EXACTLY what data YOU collect, with whom YOU share it, and how long YOU keep it. A generic template doesn't cover specific cases and is the first issue raised at an ANSPDCP audit.
What is DPIA and when do I need it?
Data Protection Impact Assessment — formal risk analysis mandatory when processing sensitive data (health, religion, political orientation), large-scale data, or systematic monitoring. For a standard online shop, NOT required. For a medical booking platform, YES.
What do we do if I get a GDPR request from a client?
Respond within 30 days with the requested information (access) or the requested action (erasure, rectification). In the admin panel we implement a dashboard showing received requests, with a one-click 'export data' or 'delete user' button.
What penalties exist for non-compliance?
GDPR allows up to EUR 20 million or 4% of global turnover (whichever is higher). In practice, ANSPDCP issued fines between EUR 1,000 and EUR 100,000 for Romanian companies. Real sums: RON 1,500 setup vs EUR 10,000 fine — the math is simple.
Do you also do GDPR for mobile apps?
Yes, the principles are the same. For apps we add a consent flow at onboarding, the right to delete the account in Settings, and data export in CSV.
Want to be GDPR-compliant without the headache?
Send us your site URL. We do a quick free audit and tell you what we find — even if we don't move forward.