SciTransfer
TRAPEZE · Project

GDPR Compliance and Privacy Tools That Let Companies Handle Personal Data Without Legal Risk

digitalPilotedTRL 7
trapeze-project.eu

Imagine every time a company touches your personal data — your health records, your browsing history, your location — there's supposed to be a clear paper trail showing who used it and why. In reality, most companies are flying blind, hoping their GDPR compliance holds up if regulators come knocking. TRAPEZE built a set of tools that automatically track where personal data flows across borders, collect consent in real time, and give both citizens and companies a clear dashboard proving everything is above board. Think of it like a GPS tracker for personal data — everyone can see where it went and whether it had permission to go there.

By the numbers
13
consortium partners across the project
7
European countries represented
3
real-world use cases validated
53
project deliverables produced
4
SMEs in the consortium
46%
industry partner ratio in consortium
The business problem

What needed solving

Every company handling personal data in Europe faces the same headache: proving to regulators that you know exactly where customer data goes, who touches it, and whether proper consent was given — especially when data crosses borders. Getting caught without proof means fines up to 4% of global revenue under GDPR. Most companies cobble together manual processes and hope for the best, but that approach breaks down the moment data flows through multiple controllers across different countries.

The solution

What was built

TRAPEZE built privacy-enhancing tools including real-time consent management, transborder data lineage tracking using Linked Data and Blockchain, and compliance proof dashboards for companies and regulators. The project produced 53 deliverables, with use case implementations documented across two full iterations covering integration plans, activities, difficulties, and final results.

Audience

Who needs this

Banks and financial institutions processing cross-border customer dataHealthcare providers and digital health platforms managing patient consentE-commerce companies needing cookie and tracking consent complianceData Protection Officers at multinational corporationsAdTech companies facing regulatory scrutiny on data usage
Business applications

Who can put this to work

Financial Services & Banking
enterprise
Target: Banks and fintech companies processing cross-border customer data

If you are a bank or fintech company dealing with cross-border data flows and GDPR audit pressure — this project developed tools using Linked Data and Blockchain that track transborder data lineage and provide proof of legal compliance. With 3 real-world use cases validated across 7 countries and 13 consortium partners, the technology addresses exactly the kind of multi-jurisdiction data tracking that keeps compliance officers awake at night.

Healthcare & Digital Health
mid-size
Target: Health data platforms and hospital networks handling patient records

If you are a healthcare provider or digital health platform struggling to manage patient consent across multiple systems — TRAPEZE built technology that dynamically acquires consent and adjusts data policies in real time as circumstances change. The project delivered 53 deliverables including use case implementations tested in two iterations, meaning the consent management tools have been through real integration cycles.

E-commerce & AdTech
any
Target: Online retailers and advertising technology companies managing user tracking consent

If you are an e-commerce or adtech company that needs to prove cookie consent and data usage compliance to regulators — this project created tools that enforce the integrity and non-repudiation of data usage policies across multiple data controllers. Built by a consortium with 46% industry partners including 4 SMEs, the solutions were designed for commercial viability from day one.

Frequently asked

Quick answers

What would it cost to implement these privacy tools?

The project does not publish licensing or implementation pricing. Since the coordinator TENFORCE is an SME based in Belgium with commercial orientation, pricing would likely follow a SaaS or enterprise licensing model. Contact the coordinator directly for commercial terms.

Can this scale to handle enterprise-level data volumes?

The objective explicitly mentions handling compliance 'even in big data environments,' and the technology stack includes Linked Data and Blockchain for tracking transborder data flows. The consortium tested across 3 real-world use cases with partners from 7 countries, suggesting the architecture was designed for cross-border, high-volume scenarios.

What is the IP situation — can I license this technology?

With 6 industry partners and 4 SMEs in the consortium, IP is likely distributed among multiple partners. TENFORCE as coordinator and SME would be a natural licensing contact. Specific IP and licensing terms would need to be negotiated directly with the relevant consortium members.

Does this actually meet current GDPR requirements?

The project was specifically funded under the EU's security topic SU-DS03-2019-2020 and built tools for consent management, data lineage tracking, and proof of legal compliance. The technology was designed to work with data protection authorities and CERTs/CSIRTs, suggesting alignment with regulatory expectations.

How long would integration take with our existing systems?

The project produced 53 deliverables including two iterations of use case implementation documents detailing integration activities and difficulties. Based on available project data, the team went through real integration cycles and documented the challenges, which suggests practical integration guidance exists.

Is this still maintained after the project ended in 2023?

The project closed in August 2023. Whether individual tools are maintained depends on the commercial plans of consortium partners, particularly TENFORCE. The Innovation Action funding scheme typically targets market-ready outputs, so commercial continuation is plausible but should be confirmed.

Can this work alongside our existing compliance software?

Based on available project data, the system uses Linked Data standards for interoperability and Blockchain for audit trails, both of which are designed for cross-system integration. The 13-partner consortium with diverse technical backgrounds suggests the tools were built to work across different IT environments.

Consortium

Who built it

The TRAPEZE consortium brings together 13 partners from 7 countries (Belgium, Germany, Greece, Spain, France, Italy, Serbia), led by TENFORCE, a Belgian SME. With 6 industry partners and 4 SMEs making up 46% of the consortium, this is a commercially oriented team rather than a purely academic exercise. The presence of only 2 universities and 1 research organization confirms the focus was on building deployable tools, not publishing papers. For a business looking to adopt these technologies, the diverse geographic spread means the tools were tested across multiple regulatory environments, which is exactly what you need for cross-border GDPR compliance.

How to reach the team

TENFORCE is an SME based in Belgium — reach out through their company website or the CORDIS contact form for licensing and partnership discussions.

Order a report on this consortiumSee TENFORCE profile →
Next steps

Talk to the team behind this work.

Want an introduction to the TRAPEZE team? SciTransfer can connect you with the right consortium partner for your specific compliance challenge.

Order a report on this topicMore in Digital & ICT
More in Digital & ICT
See all Digital & ICT projects
Affordable Satellite Communication Modules That Give SMEs Direct Access to Space Data
InnoSpaceComm
Open →
Home Dining Marketplace Connecting Travelers with Local Hosts Across Europe
ECINPERSON
Open →
AI-Powered 3D Art Creation That Cuts Production Time for Game and Film Studios
ArtomatixSuite
Open →