our client

WhatConverts is a US SaaS Startup (Software as a Service) firm focusing on marketing optimization. The business provides call tracking software offering users a complete lead tracking and reporting solution for marketers. WhatConverts is valued by its clients in the US and Europe. Processing personal data is central to the firm’s business model and its clients within the EU needed assurance that they the business was GDPR compliant.

the challenge

The General Data Protection Regulation (GDPR) is a law in the EU (2016/679) which provides rules about data protection and privacy for all individuals within the European Union.

For any U.S. SaaS company offering their product in Europe it’s a really significant issue. As a multinational operator WhatConverts’ needed to be confident that their services complied with the GDPR regulations or run the risk of big fines and losing customers.

WhatConverts’ initial search for GDPR compliance experts produced many results, however, , the senior team felt that Apex were the only firm with the necessary skills to really understand their needs. We specialise in GDPR compliance for SaaS companies and understand how the GDPR applies to SaaS products and what what GDPR compliance means for a SaaS company.

the solution

We carried out four different activities for WhatConverts:

1: Data Mapping

Online workshops using Zoom were held with product owners and senior management to map out how data flows through the business. Through this process we can identify what data is collected, where it is stored and who it is shared with.

2: GAP Assessment

Once we understood the existing data collection and storage processes our legal team got to work on a GDPR GAP analysis. GDPR is a far-reaching regulation and not all of it applies to all companies. The team went through each article of the regulation to understand exactly which parts of the regulation applied to the client.

3: Compliance Playbook

With the information we had gathered we went to work producing a GDPR Compliance Playbook for the client. Using easy to follow language we broke down exactly what GDPR compliance would involve for WhatConverts with detailed steps on how to implement the required changes.

4: GDPR Compliance Roadmap

The last thing we produced for the client was their GDPR Compliance Roadmap. Here we set out our recommendations based on urgency and risk to the business in a timeline which suited them.

the results

Once all items on the roadmap were addressed WhatConverts were in a position to assure existing clients as well as prospects that they were GDPR compliant. Confidence in their GDPR programme was seen as a commercial advantage and the company leveraged this in their marketing communications within Europe to grow their market share.  As an ethical company that respects their clients trust in them, WhatConvert’s founders were assured that their business was fully compliant.

about us

Apex is a GDPR compliance firm which works with SaaS companies to get them GDPR compliant. When you sign up for our GDPR Audit we assign a project team to you. Your team will consist of legal, compliance, IT and project management professionals who will get to work understanding you business and developing your compliance strategy.


The Apex GDPR Audit is your first step towards GDPR compliance. It looks at how GDPR applies to your business and gives you a clear action plan on how to become compliant.  The audit gives SaaS companies like yours confidence targeting the European market.

Highlighted Quote:

“Apex was the only company that understood that the SaaS industry collects data differently than other sectors.”

Highlighted Quote:

“The new, transparent policy meets all of the conditions established in the GDPR. Most companies offer a standard formula for GDPR compliancy, but Apex Data Protection tailors their plans to reflect individual data collection procedures accurate”

manage cookies