Ongoing Privacy Advisory

Privacy Officer Advisory for Tech Companies

Senior privacy judgment on tap, without the overhead of a full-time hire. An annual retainer built around available time, not a running hour count you have to watch.

Advisory, Not a Fractional Officer

Privacy Officer Advisory is an annual retainer that gives your team ongoing access to senior privacy judgment, led by Ross Saunders, CIPP/E, without hiring a full-time privacy officer.

If you are looking for a fractional privacy officer, here is the honest version: in several jurisdictions, the designated privacy officer role has to sit inside your organization, not with an external contractor. What you want is senior privacy judgment available whenever you need it, and I work alongside whoever holds that role internally, even if that is someone doing it off the side of their desk.

It runs as an annual retainer built around available time, not a running hour count. There is nothing to track against an invoice. I scope and deliver work against the roadmap and priorities we agree each month, and if a month runs heavier than usual, the answer is never a surprise bill. Less urgent items simply move out, and if that becomes a pattern rather than the exception, that is a conversation about whether the other tier fits better, not a bigger invoice.

Foundation vs Embedded

Same model, different scale. Here is the practical difference.

Built for
  • Foundation: A single product and a single jurisdiction, building the privacy foundation.
  • Embedded: Multiple products or jurisdictions, with privacy decisions happening constantly.

Availability
  • Foundation: Steady, standing availability with a regular check-in.
  • Embedded: Priority, beck-and-call availability, closer to being part of the team.

Assessment
  • Foundation: A right-sized annual privacy risk review.
  • Embedded: The full interview-led Privacy Impact Assessment or DPIA.

Engineering & product
  • Foundation: Spec and feature review as things come up.
  • Embedded: A standing presence in sprint planning and architecture reviews.

Best for
  • Foundation: Earlier-stage teams putting their privacy foundation in place.
  • Embedded: Teams where privacy touches something new most weeks, not most quarters.

What's Always Included

Both tiers share the same working baseline. The difference is scale, not substance.

What's never included: incident and breach response. That is unplanned, urgent work, and it is always scoped and priced separately, so a bad week never quietly eats into your roadmap.

Foundation and Embedded

Billed monthly under a 12-month term, or pay annually and save. Either way, 30 days' notice before renewal if you want to change tier or step away.

Save 2 months, billed annually
Foundation
$34,995

per year, billed annually

A single product, single jurisdiction.

  • Everything in the shared baseline
  • A right-sized annual privacy risk review
  • Standing availability with a regular check-in call
  • Roadmap support scoped to one product
  • Support for a first security questionnaire or investor ask
Custom Solution
Custom

Need something in between?

  • For multiple entities or brands that don't fit neatly under one tier
  • For a mix of complexity: Embedded-level involvement where it's needed, Foundation-level everywhere else
  • Blended from Foundation and Embedded, not a new set of terms
  • Scoped around your situation, not resized from a template

Not sure which fits? A 15-minute discovery call is the fastest way to find out.

Dedicated Day per Week

No other client work during your reserved time. This is advisory on your own terms, for when you want to call the shots without an annual commitment.

Subject to advance notice and planning.

$16,000 per month


Not Quite What You Need?

Just Need an Assessment?

Embedded includes the full Privacy Impact Assessment or DPIA. If you only need the assessment itself, without an ongoing retainer, that is its own service.

Want It in the Code, Not Just the Room?

Fractional Privacy Engineering goes deeper into the day-to-day development workflow, at the code and architecture level, alongside a retainer or on its own.


Advisory Retainer Questions, Answered

What does "available time" actually mean?

It means ongoing access to senior privacy advisory without tracking hours against an invoice. I scope and deliver work against the priorities and roadmap we agree each month, not billed hour by hour.

What happens if a month is unusually heavy?

Work queues and less urgent items move out, rather than triggering a surprise invoice. If that becomes the pattern rather than the exception, the right move is usually a conversation about the other tier, not a bigger bill.

What is the difference between Foundation and Embedded?

Foundation is right-sized for a single product and jurisdiction, with a lighter annual risk review. Embedded is for multiple products or jurisdictions with a constant stream of privacy-relevant decisions, and includes the full Privacy Impact Assessment or DPIA plus a standing presence in product and engineering discussions.

Is incident or breach response included?

No. Incident and breach response is unplanned, urgent work, and it is always scoped and priced separately so a bad week never derails the roadmap or eats into the retainer.

Are you my designated privacy officer?

No, and that is deliberate. Several jurisdictions require the designated privacy officer role to sit inside the organization, not with an external contractor. This is senior privacy advisory on tap, and I work alongside whoever holds that role internally, even if that is someone doing it off the side of their desk.

What is the contract term?

Twelve months, billed monthly or upfront for a discount, with 30 days' notice required before renewal to change tier or step away.

Find the Right Fit

The discovery call is 15 minutes. No commitment, no pitch deck. We talk through your product, your jurisdictions, and which tier actually fits.

Advisory led by Ross Saunders, CIPP/E, with 15 years in privacy and cybersecurity and a background in software and SaaS leadership.

Last updated 1 July 2026