Your free score shows your compliance level and your top 3 critical gaps. Unlock the complete plan — every gap, every action, board-ready PDF — for €199.
Non-compliance isn't a legal problem. It's a business survival problem.
GDPR, NIS2, DORA, CSRD — each regulation has dozens of requirements. Most companies comply with the visible parts and miss the critical gaps that trigger the largest fines. ComplyIQ maps every requirement against your current situation.
GDPR: up to €20M or 4% of global turnover. NIS2: up to €10M or 2% of global turnover. DORA: up to €5M per incident. CSRD: criminal penalties for directors. In 2025, EU regulators issued €4.2 billion in compliance fines. SMEs are no longer exempt.
A compliance consulting firm charges €300-600/hour for a gap analysis. A full GDPR audit: €15,000-50,000. ISO 27001 readiness assessment: €20,000+. ComplyIQ gives you the same analysis — across 9 regulations simultaneously — for €199. Your complete plan, ready to share.
ComplyIQ covers every major regulatory framework affecting European and international businesses.
General Data Protection Regulation. Data processing register, DPO appointment, consent management, data breach procedures, privacy by design, third-party assessments.
Up to €20M or 4% global turnover

Network and Information Security. Incident response plan, supply chain security, business continuity, reporting obligations, board accountability requirements.
Up to €10M or 2% global turnover

Digital Operational Resilience Act. ICT risk management, incident classification, third-party provider oversight, resilience testing, reporting frameworks.
Up to €5M per incident

Corporate Sustainability Reporting. ESG reporting framework, double materiality assessment, taxonomy alignment, supply chain due diligence, audit trail.
Criminal penalties for directors

Payment Services Directive. Strong customer authentication, open banking compliance, fraud monitoring, transaction reporting, third-party provider management.
Up to €5M per breach

Information Security Management. Asset inventory, risk assessment, access control policies, incident management procedures, supplier security assessments.
Loss of certification · contract termination risk

Service Organization Control. Trust services criteria, security controls, availability monitoring, confidentiality, processing integrity, privacy framework.
Loss of enterprise contracts

Health Insurance Portability and Accountability Act. PHI protection, access controls, audit logs, breach notification, business associate agreements.
Up to $1.9M per violation

Payment Card Industry Data Security. Cardholder data environment mapping, network segmentation, vulnerability management, access control, monitoring requirements.
Up to $100,000/month · card processing suspension

Actionable. Prioritized. Board-ready.
ComplyIQ Compliance Plan
Company: Fintech · 78 employees · London
Regulations: GDPR + DORA + PCI-DSS
Risk level: HIGH
Generated: May 2026
━━━━━━━━━━━━━━━━━━━━━━━━━━
COMPLIANCE SCORES
GDPR: 58/100 ⚠️ MEDIUM RISK
DORA: 31/100 🔴 CRITICAL
PCI-DSS: 44/100 ⚠️ HIGH RISK
TOTAL FINE EXPOSURE: up to €47M
━━━━━━━━━━━━━━━━━━━━━━━━━━
CRITICAL GAPS (Act within 30 days)
① No ICT incident classification system (DORA)
   Exposure: €5M per unreported incident
   Action: Deploy classification framework
   Template: Provided in Appendix A
② Cardholder data environment undefined (PCI-DSS)
   Exposure: Card processing suspension
   Action: Map and document CDE scope
③ No DORA third-party register (DORA Art.28)
   Action: Identify and register all ICT providers
   Deadline: 30 days · Owner: CTO
HIGH PRIORITY (Act within 60 days)
④ Cookie consent incomplete (GDPR)
   Action: Update consent banner
⑤ Missing penetration test (PCI-DSS Req.11)
   Action: Schedule annual pen test
⑥ No DORA resilience testing plan
   Action: Draft annual testing calendar
   Template: Provided in Appendix B
━━━━━━━━━━━━━━━━━━━━━━━━━━
90-DAY IMPLEMENTATION TIMELINE
Days 1-30: Critical gaps (3 actions)
Days 31-60: High priority (3 actions)
Days 61-90: Medium priority (4 actions)
Ongoing: Monitoring and review
POLICIES TO DRAFT (8 identified)
✓ ICT Incident Response Policy
✓ DORA Third-Party Risk Policy
✓ PCI-DSS Cardholder Data Policy
✓ GDPR Data Retention Policy
[+ 4 more in full report]
REGISTERS TO IMPLEMENT (5 identified)
✓ ICT Provider Register (DORA)
✓ Data Processing Register (GDPR)
✓ Incident Log (DORA + GDPR)
[+ 2 more in full report]
━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠️ For informational purposes only. Not legal or compliance advice.
“I needed a starting point for our NIS2 gap analysis. ComplyIQ gave me a complete map of our gaps — with exposure amounts per gap. I shared it with our board to justify the compliance budget. Approved same week.”
“DORA was completely new territory. ComplyIQ mapped our 11 critical gaps, gave me a 90-day plan, and flagged our ICT provider register was missing — which would have been a €5M exposure. Saved us months of consultant fees.”
“We process card payments and had no idea where we stood on PCI-DSS. ComplyIQ gave us a scored gap analysis. Our score was 31/100. That was the wake-up call we needed — and the roadmap to fix it.”
€199 for a complete compliance roadmap across all your applicable regulations. Less than 30 minutes of consulting fees. More actionable than most audits.
€0 to know your exposure. €199 to fix it. No subscription. No consultant. No wait.