Digital Regulation Diagnostic
Senior advisory for enterprises navigating NIS2, DORA, GDPR, and the EU AI Act — at board level, not checkbox level.
NIS2 is now in force. DORA has reshaped financial sector obligations. The EU AI Act is creating new liability for organisations deploying automated systems. Most enterprises know they have exposure — few have the clarity to act on it decisively. The cost of inaction is no longer theoretical.
Every engagement follows the same logic: understand your exposure first, then act on it precisely. The tier you enter at depends on where you are — not on what we want to sell you.
A senior-led regulatory review mapping exactly which obligations apply to your business, where the gaps are, and what needs to happen first. Structured for leadership, actionable from day one.
Defined-scope delivery of a compliance framework, programme, or regulatory remediation. We design the architecture, build the controls, and hand you an operational reality — not a report.
Senior compliance leadership embedded in your organisation on a fractional basis — available for strategic decisions, board reporting, regulatory developments, and incident response when it matters.
Most compliance projects fail because they begin with the wrong diagnosis. We always start with a structured assessment — it removes guesswork, and it earns the right to go deeper.
The Diagnostic identifies which regulations apply, where the gaps are, and what the board needs to know — before any project commitment is made.
Where implementation is required, we scope it precisely to your risk profile — no framework bloat, no unnecessary overhead.
For organisations needing ongoing senior oversight, fractional engagement provides continuity, institutional knowledge, and access when it matters.
HavenCyber Compliance was built from direct board-level delivery — not a career in consulting. Before founding the firm, I spent years embedded inside regulated enterprises, building compliance programmes that had to actually work under regulatory scrutiny, not just pass an audit.
My background sits at the intersection of European law, data governance, and operational risk. I hold an Advanced LLM in Privacy, Cybersecurity and Data Management, and have delivered hands-on GRC programmes across financial services, technology, and critical infrastructure. The clients I work with are enterprises where the stakes are real and the board needs answers, not more complexity.
Most organisations benefit most from starting with the Diagnostic. It takes 4–6 weeks and gives you everything you need to make the right decisions — including whether to work with us further.
We'll review your enquiry and come back to you within one business day.
Your data is handled in accordance with our privacy policy. We collect only what we need to respond to your enquiry.
HavenCyber Compliance B.V. · KvK 92071872 · Tilburg, Netherlands
Last updated: [DATE]
HavenCyber Compliance B.V. is a digital regulatory advisory firm registered in the Netherlands (KvK 92071872), with its registered address in Tilburg. We provide senior-level advisory services to enterprises navigating European digital regulation.
For the purposes of this policy, HavenCyber Compliance B.V. is the data controller responsible for the personal data collected through this website. Contact: [[email protected]]
We collect personal data only when you actively provide it to us. This website does not use analytics, tracking cookies, or any third-party scripts that collect data in the background.
When you submit an enquiry through our contact form or send us an email, we collect:
We do not collect any special category data (as defined under Article 9 GDPR) through this website.
Responding to your enquiry — We process your contact details to respond to your message and assess whether our services are a suitable fit. Our legal basis is legitimate interests (Article 6(1)(f) GDPR).
Pre-contractual steps — Where an enquiry leads to a discussion about engaging our services, we process your data to take steps at your request prior to entering a contract (Article 6(1)(b) GDPR).
We retain enquiry data for as long as is necessary to respond to your message and to follow up in the normal course of business. Where an enquiry does not lead to a client relationship, we delete contact data within 12 months of the last communication.
Where a client relationship is established, we retain financial and contractual records for 7 years in line with Dutch tax retention requirements. Personal data that is not required for legal, tax, or contractual purposes is deleted promptly on termination of the engagement.
We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share your data with the following categories of recipients only where necessary:
We are based in the Netherlands and process personal data within the European Economic Area (EEA). We do not transfer personal data outside the EEA in the ordinary course of our business.
Under the GDPR, you have the right to: access, rectification, erasure, restriction, objection, and data portability. To exercise any of these rights, contact us at [[email protected]]. We will respond within one month.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
This website does not use analytics tools, advertising trackers, or any non-essential cookies. We use only technically necessary cookies. If we introduce non-essential cookies in the future, we will update this policy and implement appropriate consent mechanisms.
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure.
We may update this privacy policy from time to time. The most current version will always be available on this website.