DACTS
DACTS helps European organisations navigate the evolving landscape of cyber, privacy, and GRC regulation — from NIS2 to GDPR to the EU AI Act — with senior expertise and measurable outcomes.
EU Regulatory Coverage
consulting experience
(CISA · CRISC · CDPSE · ISO 27001)
End-to-end compliance services
From initial gap assessment through to Board-ready governance reporting, we deliver structured, practitioner-led programmes across our core disciplines.
Cybersecurity
Threat-led security programme design, maturity assessment, and control implementation aligned to leading frameworks. From NIS2 technical measures to NIST CSF 2.0 maturity modelling.
Privacy & Data Protection
Operational GDPR compliance, privacy-by-design embedding, DPIA delivery, and cross-border data transfer structuring. Practical, audit-ready programmes.
Governance, Risk & Compliance
Enterprise GRC framework design, risk appetite setting, and Audit Committee–ready reporting. Independent assurance and third-party risk management programmes.
AI Governance
EU AI Act readiness assessment, risk classification, and governance programme design. Helping organisations build compliant, trustworthy AI systems.
Digital Resilience & DORA
ICT risk management, operational resilience testing, incident classification, and third-party ICT risk. Full-lifecycle DORA readiness for financial entities.
Compliance Assurance
Independent readiness assessments, control testing, evidence packs, and audit support. Regulator-ready deliverables for internal audit and supervisory review.
Deep expertise across EU frameworks
We work with the regulations shaping European digital business today — with programme-level depth and hands-on delivery experience.
NIS2 Directive
Cybersecurity risk management, incident reporting, and management body accountability across essential and important entities. National transposition variances handled — including Cyberbeveiligingswet (NL).
GDPR
Operational privacy programmes: DPIAs, ROPA, transfer mechanisms, DPO advisory, data subject rights operations, and controller-processor relationships.
EU AI Act
AI system inventory, risk classification, prohibited/high-risk analysis, conformity assessment readiness, and governance for GPAI models.
DORA
ICT risk management framework, digital operational resilience testing, ICT third-party risk, and major incident reporting for financial entities.
A structured, five-stage methodology
Every engagement follows a proven delivery approach — designed to move from assessment to embedded compliance with clarity at every step.
Scope & Assess
Regulatory scope confirmation, current-state gap assessment against target frameworks, and materiality-based prioritisation of findings.
Design
Target operating model, control library, policy framework, and roles & responsibilities aligned to your organisational structure.
Implement
Hands-on implementation working alongside your teams — control design, policy authoring, technical control specification, and process integration.
Assure
Independent testing, evidence pack preparation, internal audit interface, and readiness for supervisory or regulatory review.
Sustain
Ongoing governance rhythm, KRI/KPI dashboards, control monitoring cadence, and capability transfer for embedded internal ownership.
Professional certifications
Industry coverage
Senior expertise, delivered directly
DACTS was founded on a simple principle: senior compliance work should be delivered by senior practitioners — not junior consultants operating under distant partner oversight.
Years of consulting experience
Two decades of end-to-end consulting delivery — from Board-level advisory to hands-on control implementation across complex, regulated organisations.
Active certifications
CISA, CRISC, CDPSE, and ISO 27001 Lead Implementer — maintained and current, ensuring regulatory advice is grounded in recognised professional standards.
Netherlands-based, EU-focused
Based in The Hague with deep familiarity of the Dutch regulatory environment and the broader EU regulatory landscape. Local presence, European reach.
Regulator-ready deliverables
Every deliverable is structured to withstand regulatory inspection — gap registers, maturity models, evidence packs, and Board reports.
Embedded, not advisory-only
We work inside your programme, not outside it. Control owner interviews, policy drafting, and cross-team coordination — hands-on delivery alongside your people.
Ongoing relationship
Compliance is not a point-in-time exercise. We structure engagements to build internal capability and support continuous improvement.
Meet the Founder
Vikas Gupta is a senior cybersecurity, risk, and compliance leader with over two decades of end-to-end consulting and programme delivery experience across Europe and Asia. Throughout his career he has worked embedded within some of the world's most complex organisations — navigating regulatory change, building security governance frameworks, and translating technical risk into language that resonates at Board and ExCo level.
Vikas spent more than 13 years at Accenture, where he advised Fortune 500 clients and large European enterprises on cybersecurity strategy, IT risk, data privacy, and compliance transformation across financial services, telecoms, energy, retail, and technology.
He is currently engaged at Booking.com as NIS2 Programme Manager delivering a cross-country NIS2 and NIST CSF 2.0 maturity programme via Randstad Enterprise / Yacht.
Vikas founded DACTS Trust & Compliance B.V. to bring enterprise-grade expertise to organisations of all sizes — combining large-firm methodology with the agility and senior attention only a specialist boutique can deliver.
Clients Served
Senior consulting engagements delivered across some of Europe's most complex regulated environments — spanning energy, technology, telecoms, FMCG, financial services, and e-commerce.
Client engagements delivered by the DACTS founder over 20+ years of senior consulting — primarily through Accenture, and via subsequent independent and DACTS engagements. Client names are used with reference to engagement history and imply no ongoing endorsement.
Our Advisory Board
DACTS draws on a network of senior practitioners and industry leaders who provide strategic guidance, domain expertise, and sector-specific insight to enhance our consulting programmes.
Ready to strengthen your compliance posture?
Whether you have an imminent regulatory deadline or are building a long-term compliance programme, we'd welcome a conversation about how DACTS can help.