Services GDPR


APIS offers advisory services including individual training and consultancy support for documentation customisation and reporting as required by the General Data Protection Regulation (GDPR) as well as expert advice on implementing GDPR in your organisation.

The advisory services are divided into three packages with a different range of activities, according to the size of the organisation and the type of consultations you need.


  • Introductory organisational activities:
    • Discussion and introduction to the tasks related to the upcoming work;
    • Appointment of a support team of employees of the Controller.
  • Performing an inventory of the personal data in the organisation:
    • Completing a questionnaire for the initial analysis and filling a table with the answers;
    • Discussion about the processing of personal data with employees of the organisation that are holding key positions regarding personal data processing;
    • Creating workflow schemes of the work processes within which personal data is being processed.
  • Expert opinion on the obligation to designate a Data Protection Officer:
    • Clarifying the requirements for mandatory appointment of Data Protection Officer;
    • Assistance in referencing the requirements to the specific conditions in the organisation.
  • Actions to determine if there is compliance with the legal requirements for data protection:
    • Initial data entries in the record of processing activities of the Controller;
    • Initial data entries in the record of processing activities of the Processor (in case the organisation is a processor of personal data);
    • Training of the employees of the Controller’s organisation that are going to maintain the records of processing activities;
    • Preparing a report which contains an assessment of the compliance of the Controller with the GDPR requirements and the measures that need to be taken;
    • Analysis of the required document package that should be prepared or updated according to the specifics of the organisation.


In addition to the services in Package 1, Package 2 also includes:

  • Data protection risk and impact assessment:
    • Risk assessment of the personal data processing activities;
    • Impact assessment (if necessary).
  • Setting up a system of internal policies and procedures:
    • Creating a complete set of documents (policies, procedures, rules, forms, sample documents), which is relevant to the respective organisation and will create the necessary internal basis for compliance with the regulatory requirements;
    • Entering information in the records regarding the data protection impact assessment and the technical and organisational measures that have been taken;
    • Preparation of a prescription on the necessary and recommendatory organisational measures to be taken;
    • Training of the employees – introducing the employees to the system for GDPR compliance and the obligations that each of them has.


  • Complete undertaking of the GDPR compliance, including the role of Data Protection Officer (DPO):
    • Subscription service on yearly basis in order to ensure constant and continuous functioning of the system for GDPR compliance;
    • Ongoing preparation of prescriptions regarding the needed technical and organisational measures on data protection, that should be taken by the organisation;
    • Assisting in the proper functioning of the procedure of managing data subjects’ requests;
    • Assistance in case the supervisory authority conducts an investigation.

Pricelist (excluding VAT) for additional GDPR services

| Number of employees in the organisation | Package 1 | Package 2 | Package 3 (DPO) |
|---|---|---|---|
| Up to 10 employees | 950 lv. | 1 800 lv. | 350 lv./monthly |
| From 11 to 50 employees | 1 600 lv. | 3 000 lv. | 450 lv./monthly |
| From 51 to 100 employees | 2 300 lv. | 4 500 lv. | 650 lv./monthly |
| From 101 to 250 employees | 3 300 lv. | 6 500 lv. | 950 lv./monthly |
| Over 250 employees | negotiated price | | |

APIS reserves the right under certain circumstances (data transfer, collection on a large scale of personal data from the Internet, processing of sensitive personal data, etc.) to raise the above prices.

For advisory services in the client's office outside Sofia, depending on the location, the travel costs and travel expenses are added to the above prices.

*The Service under Package 3 concerning the undertaking of the role of Data Protection Officer (DPO) is provided only after the organisation's activities have been fully aligned with the GDPR requirements. The service for achieving GDPR compliance is provided by APIS as described in Package 2. If the organisation has pre-deployed GDPR compliance activities, APIS needs first to check and prepare an assessment of the readiness. For this assessment, 30% of the amount under Package 2 shall be paid. In the event of incomplete compliance, an offer for achieving such compliance will be made, with the price being no more than the value of Package 2, and with the amount of the prepared readiness assessment deducted. Clients of APIS GDPR Assistant receive a 50 BGN reduction in the monthly subscription price for the service in Package 3.

For additional information concerning the advisory services, do not hesitate to contact your local sales representative or call 02 / 923 98 00.