Three teams, under one roof.
A legal obligation always combines law and tech. Most firms have one or the other. Luxgap has both, plus a development team for custom tools.
Legal team
Specialists in data and cybersecurity law in Luxembourg. They translate a legal requirement into an applicable policy, contract clause or internal procedure, and represent you in case of inspection.
Areas covered
- GDPR: records of processing, DPIAs, privacy notices, DPA contracts, data subject rights, CNPD liaison.
- AI Act: AI systems classification, transparency duties, foundation model governance.
- NIS 2: entity qualification, governance, cyber clauses in vendor contracts, board training.
- DORA: register of critical ICT third parties, exit clauses, contractual compliance for the financial sector.
- Whistleblowing: alert procedure drafting, internal charter, alert handling support.
Cybersecurity engineering team
Senior technical profiles (CISSP, CISA, OSCP, ISO 27001 Lead Auditor) who take operational ownership, not just slides. They run the CISO role day-to-day and operate the tooling.
What they do
- Operational CISO: security policy, committee, regulator reporting.
- ISO 27001 audits and certification readiness.
- Penetration testing on web apps, infrastructure, cloud.
- Dark Web monitoring (EEM) and threat intelligence.
- Business continuity (BCP), DORA drills, crisis scenarios.
- Incident handling: qualification, containment, NIS 2 24h / GDPR 72h notification, post-mortem.
- TSCM sweeps of sensitive premises and executive protection.
Development team
Our development team builds specialised AI agents that automate your heavy, time-consuming tasks, plus GDPR-compliant business applications. POC-driven approach: a dedicated server installed at your premises, demonstrated on your real data before any commitment.
What they build
- KYC agents: identity verification, consistency checks, forged document detection, automatic risk scoring.
- Security monitoring agents: alert correlation, anomalous behaviour detection, continuous incident classification.
- Log analysis agents: reading millions of lines, identifying weak signals, summary reports.
- Data cleansing agents: automatic classification of legacy files, GDPR-compliant deletion, legal archiving.
- EEM monitoring platform: Dark Web aggregation, lookalike detection, real-time alerts, Luxgap proprietary product.
- Custom business applications: GDPR-compliant HR management, e-signature, cyber e-learning, Microsoft 365 / Google Workspace / ERP integrations.
How the three teams work together
For a DPO mandate (GDPR + AI Act), our lawyers drive while our cyber engineers validate technical measures (encryption, logging, access management). For a CISO mandate (NIS 2, DORA, whistleblowing), it's the opposite: our cyber engineers run operations while our lawyers structure governance and contracts. For AI projects, all three teams work in parallel. One contact, one contract, one invoice.
Let's discuss your need
Configure your quote or write to us; Julien Winkin gets back to you within one business day.