Leadership

Built by a regulatory compliance lawyer, not an observer.

Egoyibo Okoro

Founder & CEO

Priventia was founded by Egoyibo Okoro, a privacy and AI governance lawyer with experience designing regulatory compliance programmes across Europe, Africa, the Americas, APAC, and the Middle East.

Her work focuses on translating complex regulatory obligations into operational governance frameworks that organisations can implement and defend under regulatory scrutiny.

Prior to founding Priventia, Egoyibo worked across multinational organisations advising on privacy governance, regulatory compliance, and emerging AI governance frameworks.

Priventia reflects that practitioner experience: a platform designed around how regulators actually evaluate compliance programmes, not how compliance questionnaires are typically structured.

74%

Compliance Score

Jurisdictions

Open Findings

89%

Controls Effective

Jurisdiction Coverage

EU GDPR

82%

UK GDPR

78%

NDPA 2023

65%

EU AI Act

58%

POPIA

71%

CCPA/CPRA

69%

Domain Health

Data Subject Rights81%

Lawful Basis76%

International Transfers62%

AI Risk Management54%

Impact Assessments73%

Records & Documentation88%

Open Findings

Critical

High

Medium

Low

Simulated data for illustration

Design principles

How Priventia thinks about compliance.

⚖

Lawyer-designed methodology

Every assessment structure, decision rule, and control mapping is grounded in how supervisory authorities actually evaluate compliance programmes, not how questionnaire vendors model compliance as a survey.

◈

Assessed outcomes, not self-declaration

Maturity scores and impact assessment outcomes are determined by Priventia from structured inputs. No compliance tool should allow an organisation to declare its own maturity level; Priventia does not.

□

Full evidence chain

Every conclusion links to evidence. Every control links to an obligation. Every obligation links to source law. The traceability standard Priventia applies is the standard regulators and courts apply.

◉

Multi-jurisdiction from day one

Designed for organisations operating across GDPR, African data protection laws, US state privacy law, and EU supply chain due diligence obligations simultaneously, not a GDPR tool with bolt-on modules.

◎

Audit-defensible framework

Priventia produces deliverables structured to withstand regulator review. The test is not whether a PDF looks professional; it is whether the documentation holds up when a supervisory authority examines it.

◐

Built for the teams responsible for compliance, not procurement checklists

Priventia is designed for the compliance team running the programme, the DPO briefing the regulator, and the legal counsel defending the organisation, not for procurement checkboxes.

⬡

Supply chain due diligence as a legal obligation

The CSDDD, LkSG, UK Modern Slavery Act, and French Duty of Vigilance impose specific due diligence obligations on in-scope organisations. Priventia treats these as enforceable legal requirements, not voluntary ESG commitments.

◇

Five governance domains, one traceability chain

Privacy, AI governance, corporate due diligence, cybersecurity, and trust and safety share the same compliance architecture: regulation to obligation, obligation to control, control to evidence. Priventia applies this traceability chain consistently across all five domains.

Regulatory coverage

Built for the world's
privacy landscape.

Most compliance tools are built for GDPR alone. Priventia was designed for multi-jurisdiction operation from day one: African data protection laws, EU AI Act, and US state privacy law included.

Privacy and Data Protection Laws

🇪🇺European Union

GDPRAvailable

General Data Protection Regulation

Regulation (EU) 2016/679 · Applicable from 25 May 2018

Regulator: EDPB (European Data Protection Board) + national DPAs€20M or 4% of global annual turnover

🇬🇧United Kingdom

UK GDPRAvailable

UK General Data Protection Regulation

Data Protection Act 2018 · Retained from EU GDPR post-Brexit

Regulator: Information Commissioner’s Office (ICO)£17.5M or 4% of global annual turnover

🇳🇬Nigeria

NDPA 2023Available

Nigeria Data Protection Act 2023

Act No. 14 of 2023 · Signed June 2023

Regulator: Nigeria Data Protection Commission (NDPC)₦10M or 2% of annual gross revenue (per violation)

🇿🇦South Africa

POPIAAvailable

Protection of Personal Information Act 4 of 2013

Act 4 of 2013 · Commencement 1 July 2021

Regulator: Information Regulator (South Africa)R10M or 10 years imprisonment

🇰🇪Kenya

Kenya DPA 2019Available

Data Protection Act 2019

Act No. 24 of 2019 · Commencement November 2019

Regulator: Office of the Data Protection Commissioner (ODPC)KSh 5M or 1% of annual turnover

🇺🇸United States

CCPA / CPRAAvailable

California Consumer Privacy Act & California Privacy Rights Act

CCPA effective 1 January 2020 · CPRA operative 1 January 2023

Regulator: California Privacy Protection Agency (CPPA)$7,500 per intentional violation · $2,500 per unintentional violation

🇧🇷Brazil

LGPDAvailable

Lei Geral de Proteção de Dados Pessoais

Law No. 13,709/2018 · Effective 18 September 2020

Regulator: Autoridade Nacional de Proteção de Dados (ANPD)2% of revenue in Brazil (capped at R$50M per infraction)

🇸🇦Saudi Arabia

Saudi PDPLAvailable

Personal Data Protection Law

Royal Decree M/19 · Effective 14 September 2023

Regulator: Saudi Data & AI Authority (SDAIA) / NDMOSAR 5M per violation (≈ USD 1.3M)

🇺🇸United States

COPPAAvailable

Children’s Online Privacy Protection Act

15 U.S.C. §§ 6501–6506 · FTC Rule 16 CFR Part 312

Regulator: Federal Trade Commission (FTC)$53,088 per violation (2024 adjusted)

🇺🇸United States

HIPAAComing Soon

Health Insurance Portability and Accountability Act

Public Law 104-191 · Enacted 1996

Regulator: US Department of Health and Human Services (HHS)$50,000–$2M per violation category per year

AI Governance Laws

🇪🇺European Union

EU AI ActAvailable

Regulation on Artificial Intelligence

Regulation (EU) 2024/1689 · Applicable from August 2026

Regulator: AI Office (European Commission) + national authorities€35M or 7% of global annual turnover

Corporate Due Diligence Laws

🇪🇺European Union

EU CSDDDAvailable

Corporate Sustainability Due Diligence Directive

Directive (EU) 2024/1760 · Phased application from July 2027

Regulator: National supervisory authorities (EU Member States)Up to 5% of worldwide net turnover

🇩🇪Germany

German LkSGAvailable

Supply Chain Due Diligence Act

BGBl. I 2021, 2959 · Effective 1 January 2023

Regulator: Federal Office for Economic Affairs and Export Control (BAFA)Up to 2% of average annual turnover

🇬🇧United Kingdom

UK Modern Slavery ActAvailable

Modern Slavery Act 2015

Chapter 30 · Royal Assent 26 March 2015

Regulator: Home Office; Independent Anti-Slavery CommissionerUnlimited fines for contempt of court

🇫🇷France

French Duty of VigilanceAvailable

Loi relative au devoir de vigilance

Law No. 2017-399 · Enacted 27 March 2017

Regulator: French civil courtsCivil liability: damages and injunctive relief

Cybersecurity & Operational Resilience Laws

🇪🇺European Union

NIS2 DirectiveAvailable

Directive on Measures for a High Common Level of Cybersecurity

Directive (EU) 2022/2555 · Applicable from 18 October 2024

Regulator: National competent authorities; ENISA; CSIRTs€10M or 2% of global annual turnover

🇪🇺European Union

DORAAvailable

Digital Operational Resilience Act

Regulation (EU) 2022/2554 · Applicable from 17 January 2025

Regulator: EBA, ESMA, EIOPA + national authoritiesUp to 1% of average daily global turnover

🇪🇺European Union

Cyber Resilience ActComing Soon

Regulation on Cybersecurity Requirements for Products with Digital Elements

Regulation (EU) 2024/2847 · Phased application from September 2026

Regulator: ENISA + national market surveillance authorities€15M or 2.5% of global annual turnover

🇪🇺European Union

CER DirectiveComing Soon

Critical Entities Resilience Directive

Directive (EU) 2022/2557 · Applicable from 18 October 2024

Regulator: National competent authorities (EU Member States)Determined by Member States

Trust and Safety Laws

🇪🇺European Union

EU DSAAvailable

Digital Services Act

Regulation (EU) 2022/2065 · Fully applicable from 17 February 2024

Regulator: European Commission (Digital Services Coordinators)Up to 6% of worldwide annual turnover

🇬🇧United Kingdom

Online Safety ActAvailable

Online Safety Act 2023

Chapter 50 · Royal Assent 26 October 2023

Regulator: OfcomUp to 10% of qualifying worldwide revenue or £18M

🇩🇪Germany

NetzDGAvailable

Network Enforcement Act (Netzwerkdurchsetzungsgesetz)

BGBl. I 2017, 3352 · Effective 1 October 2017

Regulator: Federal Office of Justice (BfJ)Up to €50M per infringement

Governance Frameworks

Voluntary Framework

NIST AI RMF

NIST AI Risk Management Framework 1.0

NIST CSWP 29 · Version 1.0 released January 2023

Regulator: National Institute of Standards and Technology (NIST)Voluntary framework

Voluntary Framework

NIST CSF 2.0

NIST Cybersecurity Framework 2.0

Version 2.0 released February 2024

Regulator: National Institute of Standards and Technology (NIST)Voluntary framework

International Standard

ISO/IEC 42001

Artificial Intelligence Management System

ISO/IEC 42001:2023 · Published December 2023

Regulator: ISO; certification by accredited bodiesNo direct statutory fines

International Standard

ISO/IEC 27001

Information Security Management Systems

ISO/IEC 27001:2022 · Third edition October 2022

Regulator: ISO; certification by accredited bodiesNo direct statutory fines

International Standard

ISO/IEC 27701

Privacy Information Management Extension

ISO/IEC 27701:2019 · Published August 2019

Regulator: ISO; certification by accredited bodiesNo direct statutory fines

Industry Standard

PCI DSS v4.0

Payment Card Industry Data Security Standard v4.0.1

v4.0.1 effective June 2024 (mandatory by 31 March 2025)

Regulator: PCI SSC; enforced by Visa, Mastercard, Amex, Discover, JCB$5,000–$100,000/month non-compliance fines

International Framework

OECD Guidelines for MNEs

OECD Guidelines for Multinational Enterprises on Responsible Business Conduct

OECD/LEGAL/0144 · 2023 update (original 1976)

Regulator: OECD; National Contact Points (NCPs)Voluntary framework

International Framework

UN Guiding Principles

United Nations Guiding Principles on Business and Human Rights

A/HRC/17/31 · Endorsed June 2011

Regulator: UN Human Rights Council; OHCHRVoluntary framework

About
About Priventia
Our Approach
Security & Trust
Platform
Modules
Capabilities
How Priventia Works
Advisory Network
Insights
Regulatory Changes
Articles
Pricing
Contact

Request Early Access Sign In

About Priventia

Compliance platform
built by a lawyer.

Priventia is designed around the operational realities of modern compliance, not around what sells in procurement conversations.

Leadership

Built by a regulatory compliance lawyer, not an observer.

Egoyibo Okoro

Founder & CEO

Priventia was founded by Egoyibo Okoro, a privacy and AI governance lawyer with experience designing regulatory compliance programmes across Europe, Africa, the Americas, APAC, and the Middle East.

Her work focuses on translating complex regulatory obligations into operational governance frameworks that organisations can implement and defend under regulatory scrutiny.

Prior to founding Priventia, Egoyibo worked across multinational organisations advising on privacy governance, regulatory compliance, and emerging AI governance frameworks.

Priventia reflects that practitioner experience: a platform designed around how regulators actually evaluate compliance programmes, not how compliance questionnaires are typically structured.

74%

Compliance Score

Jurisdictions

Open Findings

89%

Controls Effective

Jurisdiction Coverage

EU GDPR

82%

UK GDPR

78%

NDPA 2023

65%

EU AI Act

58%

POPIA

71%

CCPA/CPRA

69%

Domain Health

Data Subject Rights81%

Lawful Basis76%

International Transfers62%

AI Risk Management54%

Impact Assessments73%

Records & Documentation88%

Open Findings

Critical

High

Medium

Low

Simulated data for illustration

Design principles

How Priventia thinks about compliance.

⚖

Lawyer-designed methodology

◈

Assessed outcomes, not self-declaration

□

Full evidence chain

◉

Multi-jurisdiction from day one

◎

Audit-defensible framework

◐

Built for the teams responsible for compliance, not procurement checklists

Priventia is designed for the compliance team running the programme, the DPO briefing the regulator, and the legal counsel defending the organisation, not for procurement checkboxes.

⬡

Supply chain due diligence as a legal obligation

◇

Five governance domains, one traceability chain

Track record

Numbers that matter.

Jurisdictions covered

122

Assessment controls

Compliance domains

2026

Founded

Regulatory coverage

Built for the world's
privacy landscape.

Most compliance tools are built for GDPR alone. Priventia was designed for multi-jurisdiction operation from day one: African data protection laws, EU AI Act, and US state privacy law included.

Privacy and Data Protection Laws

🇪🇺European Union

GDPRAvailable

General Data Protection Regulation

Regulation (EU) 2016/679 · Applicable from 25 May 2018

Regulator: EDPB (European Data Protection Board) + national DPAs€20M or 4% of global annual turnover

🇬🇧United Kingdom

UK GDPRAvailable

UK General Data Protection Regulation

Data Protection Act 2018 · Retained from EU GDPR post-Brexit

Regulator: Information Commissioner’s Office (ICO)£17.5M or 4% of global annual turnover

🇳🇬Nigeria

NDPA 2023Available

Nigeria Data Protection Act 2023

Act No. 14 of 2023 · Signed June 2023

Regulator: Nigeria Data Protection Commission (NDPC)₦10M or 2% of annual gross revenue (per violation)

🇿🇦South Africa

POPIAAvailable

Protection of Personal Information Act 4 of 2013

Act 4 of 2013 · Commencement 1 July 2021

Regulator: Information Regulator (South Africa)R10M or 10 years imprisonment

🇰🇪Kenya

Kenya DPA 2019Available

Data Protection Act 2019

Act No. 24 of 2019 · Commencement November 2019

Regulator: Office of the Data Protection Commissioner (ODPC)KSh 5M or 1% of annual turnover

🇺🇸United States

CCPA / CPRAAvailable

California Consumer Privacy Act & California Privacy Rights Act

CCPA effective 1 January 2020 · CPRA operative 1 January 2023

Regulator: California Privacy Protection Agency (CPPA)$7,500 per intentional violation · $2,500 per unintentional violation

🇧🇷Brazil

LGPDAvailable

Lei Geral de Proteção de Dados Pessoais

Law No. 13,709/2018 · Effective 18 September 2020

Regulator: Autoridade Nacional de Proteção de Dados (ANPD)2% of revenue in Brazil (capped at R$50M per infraction)

🇸🇦Saudi Arabia

Saudi PDPLAvailable

Personal Data Protection Law

Royal Decree M/19 · Effective 14 September 2023

Regulator: Saudi Data & AI Authority (SDAIA) / NDMOSAR 5M per violation (≈ USD 1.3M)

🇺🇸United States

COPPAAvailable

Children’s Online Privacy Protection Act

15 U.S.C. §§ 6501–6506 · FTC Rule 16 CFR Part 312

Regulator: Federal Trade Commission (FTC)$53,088 per violation (2024 adjusted)

🇺🇸United States

HIPAAComing Soon

Health Insurance Portability and Accountability Act

Public Law 104-191 · Enacted 1996

Regulator: US Department of Health and Human Services (HHS)$50,000–$2M per violation category per year

AI Governance Laws

🇪🇺European Union

EU AI ActAvailable

Regulation on Artificial Intelligence

Regulation (EU) 2024/1689 · Applicable from August 2026

Regulator: AI Office (European Commission) + national authorities€35M or 7% of global annual turnover

Corporate Due Diligence Laws

🇪🇺European Union

EU CSDDDAvailable

Corporate Sustainability Due Diligence Directive

Directive (EU) 2024/1760 · Phased application from July 2027

Regulator: National supervisory authorities (EU Member States)Up to 5% of worldwide net turnover

🇩🇪Germany

German LkSGAvailable

Supply Chain Due Diligence Act

BGBl. I 2021, 2959 · Effective 1 January 2023

Regulator: Federal Office for Economic Affairs and Export Control (BAFA)Up to 2% of average annual turnover

🇬🇧United Kingdom

UK Modern Slavery ActAvailable

Modern Slavery Act 2015

Chapter 30 · Royal Assent 26 March 2015

Regulator: Home Office; Independent Anti-Slavery CommissionerUnlimited fines for contempt of court

🇫🇷France

French Duty of VigilanceAvailable

Loi relative au devoir de vigilance

Law No. 2017-399 · Enacted 27 March 2017

Regulator: French civil courtsCivil liability: damages and injunctive relief

Cybersecurity & Operational Resilience Laws

🇪🇺European Union

NIS2 DirectiveAvailable

Directive on Measures for a High Common Level of Cybersecurity

Directive (EU) 2022/2555 · Applicable from 18 October 2024

Regulator: National competent authorities; ENISA; CSIRTs€10M or 2% of global annual turnover

🇪🇺European Union

DORAAvailable

Digital Operational Resilience Act

Regulation (EU) 2022/2554 · Applicable from 17 January 2025

Regulator: EBA, ESMA, EIOPA + national authoritiesUp to 1% of average daily global turnover

🇪🇺European Union

Cyber Resilience ActComing Soon

Regulation on Cybersecurity Requirements for Products with Digital Elements

Regulation (EU) 2024/2847 · Phased application from September 2026

Regulator: ENISA + national market surveillance authorities€15M or 2.5% of global annual turnover

🇪🇺European Union

CER DirectiveComing Soon

Critical Entities Resilience Directive

Directive (EU) 2022/2557 · Applicable from 18 October 2024

Regulator: National competent authorities (EU Member States)Determined by Member States

Trust and Safety Laws

🇪🇺European Union

EU DSAAvailable

Digital Services Act

Regulation (EU) 2022/2065 · Fully applicable from 17 February 2024

Regulator: European Commission (Digital Services Coordinators)Up to 6% of worldwide annual turnover

🇬🇧United Kingdom

Online Safety ActAvailable

Online Safety Act 2023

Chapter 50 · Royal Assent 26 October 2023

Regulator: OfcomUp to 10% of qualifying worldwide revenue or £18M

🇩🇪Germany

NetzDGAvailable

Network Enforcement Act (Netzwerkdurchsetzungsgesetz)

BGBl. I 2017, 3352 · Effective 1 October 2017

Regulator: Federal Office of Justice (BfJ)Up to €50M per infringement

Governance Frameworks

Voluntary Framework

NIST AI RMF

NIST AI Risk Management Framework 1.0

NIST CSWP 29 · Version 1.0 released January 2023

Regulator: National Institute of Standards and Technology (NIST)Voluntary framework

Voluntary Framework

NIST CSF 2.0

NIST Cybersecurity Framework 2.0

Version 2.0 released February 2024

Regulator: National Institute of Standards and Technology (NIST)Voluntary framework

International Standard

ISO/IEC 42001

Artificial Intelligence Management System

ISO/IEC 42001:2023 · Published December 2023

Regulator: ISO; certification by accredited bodiesNo direct statutory fines

International Standard

ISO/IEC 27001

Information Security Management Systems

ISO/IEC 27001:2022 · Third edition October 2022

Regulator: ISO; certification by accredited bodiesNo direct statutory fines

International Standard

ISO/IEC 27701

Privacy Information Management Extension

ISO/IEC 27701:2019 · Published August 2019

Regulator: ISO; certification by accredited bodiesNo direct statutory fines

Industry Standard

PCI DSS v4.0

Payment Card Industry Data Security Standard v4.0.1

v4.0.1 effective June 2024 (mandatory by 31 March 2025)

Regulator: PCI SSC; enforced by Visa, Mastercard, Amex, Discover, JCB$5,000–$100,000/month non-compliance fines

International Framework

OECD Guidelines for MNEs

OECD Guidelines for Multinational Enterprises on Responsible Business Conduct

OECD/LEGAL/0144 · 2023 update (original 1976)

Regulator: OECD; National Contact Points (NCPs)Voluntary framework

International Framework

UN Guiding Principles

United Nations Guiding Principles on Business and Human Rights

A/HRC/17/31 · Endorsed June 2011

Regulator: UN Human Rights Council; OHCHRVoluntary framework

Start building a defensible compliance programme.

Start your compliance intelligence assessment. Audit-ready output from day one.

Request Early Access Request a Demo

Compliance platformbuilt by a lawyer.

Built by a regulatory compliance lawyer, not an observer.

How Priventia thinks about compliance.

Numbers that matter.

Built for the world'sprivacy landscape.

Privacy and Data Protection Laws

AI Governance Laws

Corporate Due Diligence Laws

Cybersecurity & Operational Resilience Laws

Trust and Safety Laws

Governance Frameworks

Start building a defensible compliance programme.

Compliance platformbuilt by a lawyer.

Built by a regulatory compliance lawyer, not an observer.

How Priventia thinks about compliance.

Numbers that matter.

Built for the world'sprivacy landscape.

Privacy and Data Protection Laws

AI Governance Laws

Corporate Due Diligence Laws

Cybersecurity & Operational Resilience Laws

Trust and Safety Laws

Governance Frameworks

Start building a defensible compliance programme.

Compliance platform
built by a lawyer.

Built for the world's
privacy landscape.

Compliance platform
built by a lawyer.

Built for the world's
privacy landscape.