SENTINEL · Project

Affordable GDPR Compliance and Cybersecurity Toolkit Built for Small Businesses

digitalPilotedTRL 7

Imagine you run a small business and know you should protect customer data and follow GDPR rules, but the security tools big corporations use cost a fortune and need a dedicated IT team. SENTINEL built an affordable, all-in-one digital toolkit that bundles data protection checks, automated compliance advice, and incident response into a single platform designed specifically for small companies. Think of it like TurboTax but for data privacy — it walks you through what you need to do, flags problems, and even drafts policies for you using machine learning. The goal is to close the gap between what small businesses spend on cybersecurity and how protected they actually are.

By the numbers

25 million

European SMEs/MEs targeted by the solution

consortium partners that built the platform

countries represented in the consortium

demo deliverables produced

SME partners in the consortium

The business problem

What needed solving

Over 25 million European small and micro businesses are exposed to data breaches and GDPR fines because enterprise-grade cybersecurity tools are too expensive and complex for them. These businesses declare willingness to invest in compliance, but millions still fail to meet GDPR requirements because existing solutions don't match their budgets, technical capacity, or scale. The result is a dangerous gap between what small businesses spend on data protection and how protected they actually are.

The solution

What was built

SENTINEL built a complete integrated platform with four main components: a privacy and data protection suite for SME self-assessment, a machine-learning-powered digital core for compliance recommendations and policy drafting, modular cybersecurity services including identity management and incident response, and a visualization/UI layer. All components went through MVP, full-featured, and final product stages across 16 demo deliverables.

Audience

Who needs this

Small online retailers and e-commerce businesses processing customer data under GDPRManaged IT service providers looking to offer GDPR compliance as a service to SME clientsSmall professional services firms (accountants, lawyers, consultants) handling sensitive client dataIndustry associations and chambers of commerce seeking cybersecurity tools for their SME membersInsurance companies developing cyber-risk products for small business customers

Business applications

Who can put this to work

Retail & E-commerce

SME

Target: Online retailers and shops processing customer payment and personal data

If you are a small online retailer dealing with GDPR compliance headaches and the constant fear of a data breach — this project developed a privacy and data protection suite specifically for SMEs that includes self-assessment tools, automated policy drafting, and a one-stop incident response centre. It was built from MVP through to final product across 13 partners in 10 countries, tested with real small business scenarios.

Professional Services

SME

Target: Accounting firms, legal practices, and consultancies handling sensitive client data

If you are a small professional services firm struggling to prove GDPR compliance to your clients while lacking dedicated IT security staff — this project built a machine-learning-powered compliance engine that recommends what you need to fix, helps you draft data protection policies, and provides identity management for secure data handling. The integrated solution went through three development stages from MVP to final product.

Healthcare & Clinics

SME

Target: Small medical practices and health clinics processing patient records

If you are a small medical practice worried about protecting patient data but cannot afford enterprise-grade cybersecurity — this project created modular security services including encryption, secure communication, and a digital compliance self-assessment designed for businesses without IT departments. The platform was developed by 9 industry partners including 7 SMEs who understand small business constraints firsthand.

Frequently asked

Quick answers

How much would this solution cost a small business?

Pricing details are not published in the project data. However, the project was explicitly designed to be cost-effective for SMEs and micro-enterprises — the core objective states it aims to bridge the cybersecurity gap 'at a cost-effective level.' With 7 SME partners in the consortium, the pricing model was shaped by companies that understand small business budgets.

Can this scale to serve thousands of small businesses across Europe?

The platform was designed as a unified digital architecture with modular components, meaning individual services can be deployed independently or together. The project targeted over 25 million European SMEs/MEs and included partners from 10 countries, suggesting the system was built for cross-border, multi-language scalability.

Who owns the IP and can I license it?

The consortium of 13 partners across 10 countries jointly developed the technology. IP ownership typically follows EU Horizon 2020 rules where each partner owns what they created. Contact the coordinator (Information Technology for Market Leadership, Greece) for licensing terms and commercial access to the platform.

Does this help with actual GDPR compliance or just cybersecurity?

Both. The project built a dedicated privacy and data protection suite with an end-to-end digital compliance self-assessment specifically for GDPR. It also includes machine-learning-powered policy drafting, enforcement recommendations, and an incident response centre — covering both the security technology and the regulatory compliance side.

How long would it take to deploy this in my business?

The project ran from June 2021 to May 2024 and produced a final integrated solution. Based on available project data, the modular design means businesses could start with specific components (like the self-assessment or the privacy suite) rather than deploying everything at once. Exact deployment timelines would depend on your current IT setup.

Does this integrate with our existing IT systems?

The SENTINEL architecture was built as modular and integrated — the digital core connects with the privacy suite, compliance services, and visualization components through a unified platform. The project specifically chose 'tried-and-tested modular cybersecurity technologies' combined with new ones, suggesting compatibility with existing security infrastructure was a design priority.

Is there ongoing support or is this just a research prototype?

The project included a knowledge sharing hub and a methodology for application beyond the project period. With 9 industry partners (69% of the consortium) and 7 SMEs involved, the commercial intent is clear. However, post-project commercial availability should be confirmed directly with the consortium partners.

Consortium

Who built it

The SENTINEL consortium is heavily industry-driven: 9 out of 13 partners come from industry, and 7 are SMEs — meaning the people building this tool are exactly the type of company that needs it. The consortium spans 10 countries (Belgium, Switzerland, Germany, Greece, France, Ireland, Luxembourg, Malta, Portugal, UK), giving it broad European market coverage. The coordinator is a Greek SME (Information Technology for Market Leadership), and key delivery partners include specialists in cybersecurity, identity management, and compliance. With only 1 university and 2 research organizations, this is clearly an execution-focused project aimed at building a deployable product, not an academic exercise.

INFORMATION TECHNOLOGY FOR MARKET LEADERSHIPCoordinator · EL
AIRBUS CYBERSECURITY SASparticipant · FR
POLYTECHNEIO KRITISparticipant · EL
LUXEMBOURG INSTITUTE OF SCIENCE AND TECHNOLOGYparticipant · LU
UNINOVA-INSTITUTO DE DESENVOLVIMENTO DE NOVAS TECNOLOGIAS-ASSOCIACAOparticipant · PT
FOCAL POINTparticipant · BE
AEGIS IT RESEARCH GMBHparticipant · DE
SPHYNX TECHNOLOGY SOLUTIONS AGparticipant · CH
NETCOMPANY S.A.participant · LU

How to reach the team

Information Technology for Market Leadership (ITML), Greece — an SME specializing in IT solutions. Use the CORDIS contact form or find them through their company website.

Order a report on this consortium See INFORMATION TECHNOLOGY FOR MARKET LEADERSHIP profile →

Next steps

Talk to the team behind this work.

Want to connect with the SENTINEL team about licensing their GDPR compliance platform for your business or clients? SciTransfer can arrange an introduction and help you evaluate fit.

Order a report on this topic More in Digital & ICT