Skip to content
Innopulse Consulting

GDPR & revDSG audit for SaaS

SaaS providers in the DACH region who want solid data protection before launch, certification, or an enterprise deal.

Updated: 2026-07

In short

A data protection audit for SaaS checks whether data flows, processing agreements, deletion concept, and technical measures are GDPR- and revDSG-compliant. The output is a concrete finding with prioritised fixes — from people who run SaaS themselves.

SaaS products almost inevitably collect personal data — and thus fall under GDPR and, in Switzerland, revDSG. Many teams only notice gaps during the enterprise sales process: no clean deletion concept, unclear processing, RLS not watertight.

An audit finds these gaps before a customer, an auditor, or an authority does.

What you get

Data flow analysis

Which personal data flows where — including subprocessors.

Processing reviewed

DPA structure and subprocessor chain assessed.

Technical measures

Access control, encryption, tenant isolation (RLS) checked for robustness.

Finding & fix plan

Prioritised findings with concrete, actionable fixes.

How it runs

  1. 01

    Scoping

    Map product, data types, and relevant jurisdictions.

  2. 02

    Analysis

    Review data flows, contracts, and technical measures.

  3. 03

    Finding

    Prioritise findings by risk and effort.

  4. 04

    Handover

    Present the fix plan; optional implementation support.

Price framing

Fixed scope, from CHF 5,500 — depending on product size and data types.

Indicative, not a binding quote — the frame is confirmed during scoping.

Parent service: EU AI Act & Compliance Advisory

FAQ

Do you cover Swiss revDSG too?

Yes. The audit considers GDPR and the revised Swiss data protection act (revDSG) together.

Do you check the technical stack?

Yes, including access control, encryption, and tenant isolation such as row-level security — we run SaaS on this stack ourselves.

Do you support implementation too?

On request. The audit ends with the fix plan; we can optionally support the implementation.

Working on something similar?

GDPR & revDSG audit for SaaS

SaaS providers in the DACH region who want solid data protection before launch, certification, or an enterprise deal.