WhiteRabbit · Project

Automated GDPR Compliance Platform That Works Like a Tax Accountant for Personal Data

digitalTestedTRL 6

knowdive.disi.unitn.it

Imagine you run a business that collects customer data — names, emails, purchase history. Now GDPR says you have to track every piece of personal data, know exactly where it sits, and prove you handle it properly. WhiteRabbit built a software platform that does this automatically, the same way a tax accountant handles your tax returns — you feed it your data, and it tells you what's compliant and what's not. The team took a university prototype, tested it with real early adopters, and designed a plan to turn it into a commercial product through a new startup.

By the numbers

EUR 99,750

EU contribution for business model validation and commercialization roadmap

consortium partners (1 university, 1 industry)

total project deliverables including improved platform demo

15 months

project duration (April 2017 to July 2018)

50%

industry partner ratio in consortium

The business problem

What needed solving

Companies collecting personal data face escalating complexity and costs in managing GDPR compliance. Every piece of customer, employee, or user data must be tracked, its use justified, and its handling documented — a burden that grows with every new regulation update. Getting it wrong means fines, lawsuits, and reputational damage, but doing it manually is expensive and error-prone.

The solution

What was built

An improved software platform (evolved from an MVP with early adopter feedback) that automates personal data compliance management, functioning like an automated tax accountant for GDPR. The project also produced a validated business model and commercialization roadmap for launching a startup around the technology.

Audience

Who needs this

Data Protection Officers at mid-size companies overwhelmed by manual GDPR trackingE-commerce companies processing high volumes of customer personal dataHealthcare IT providers handling sensitive patient records under strict privacy rulesHR and recruitment firms managing candidate and employee data across bordersGDPR compliance consultants looking for automated tools to serve multiple clients

Business applications

Who can put this to work

E-commerce and Retail

SME

Target: Online retailers handling large volumes of customer personal data

If you are an e-commerce company dealing with thousands of customer records across multiple systems — this project developed an automated platform that maps your personal data flows and flags compliance gaps, working like a tax accountant but for GDPR. The improved platform was tested with early adopters and refined based on their feedback. With EU contribution of EUR 99,750, the tool was designed specifically for companies struggling with the escalating complexity of data privacy management.

Healthcare IT

mid-size

Target: Health tech companies processing sensitive patient data

If you are a health tech provider dealing with sensitive patient records subject to strict GDPR rules — this project built a platform that automatically tracks where personal data lives and whether it complies with regulations. The consortium of 2 partners including an industry partner validated the business model and tested the product in a market environment. The platform helps reduce the legal risk and cost of mishandling personal health data.

HR and Recruitment Services

any

Target: Staffing agencies and HR departments managing employee and candidate data

If you are an HR services company managing candidate CVs, employee records, and consent forms across borders — this project developed a platform that automates data privacy compliance the way accounting software automates tax filing. Built on a prototype from the University of Trento and improved through early adopter testing, it addresses the high complexity and costs companies face when managing personal data under GDPR.

Frequently asked

Quick answers

What would it cost to implement this platform?

The project had an EU contribution of EUR 99,750 under a Coordination and Support Action, which funded business model validation and commercialization planning rather than large-scale product development. Based on available project data, specific licensing or subscription pricing was not published. The team planned to launch a startup to commercialize the platform, so pricing would depend on that venture's status.

Can this scale to handle enterprise-level data volumes?

The project developed an improved platform based on early adopter feedback from an initial MVP. Based on available project data, the testing was conducted in a market environment but specific scale metrics (data volume, number of records) were not reported. The platform was designed for companies and SMEs dealing with personal data management complexity.

What is the IP situation — can we license this technology?

The original prototype was developed at the University of Trento within the Smart Society FET project. The commercialization roadmap was designed together with META Group, and the plan was to launch a new startup by the team who developed the prototype. Based on available project data, licensing terms would need to be negotiated with the University of Trento or the planned startup entity.

How does this compare to existing GDPR compliance tools on the market?

WhiteRabbit positions itself as an automated 'tax accountant' for data privacy — handling complexity of regulations the way tax software handles tax returns. The project ran from 2017 to 2018, coinciding with GDPR's introduction. Based on available project data, no direct competitive benchmarking was published, but the approach of automating compliance rather than just documenting it was the core differentiator.

Is this compliant with the latest GDPR requirements?

The platform was specifically designed around the upcoming GDPR regulations at the time of development (2017-2018). The project objective explicitly addresses the stricter rules introduced by GDPR and the higher complexity and costs for personal data management. Based on available project data, updates since the project ended in July 2018 would need to be confirmed with the development team.

What is the timeline from evaluation to deployment?

The project completed its full cycle in 15 months (April 2017 to July 2018), going from prototype to improved platform with early adopter testing and business model validation. Based on available project data, the team planned to launch a startup for commercialization after project completion. Current deployment readiness would depend on post-project development.

Consortium

Who built it

This is a lean, focused consortium of just 2 Italian partners — the University of Trento providing the research prototype and technical expertise, and META Group bringing commercialization know-how, startup creation experience, and investor access. The 50% industry ratio is strong for a project of this size. META Group specializes in turning research into business, which is exactly what this project needed. The small consortium kept coordination overhead low, but the single-country setup (Italy only) means the platform was not tested across different EU regulatory environments, which could matter for a GDPR tool that needs to work pan-European.

UNIVERSITA DEGLI STUDI DI TRENTOCoordinator · IT
META GROUP SRLparticipant · IT

How to reach the team

The coordinator is the University of Trento, Department of Information Engineering and Computer Science (DISI). SciTransfer can facilitate an introduction to the research team.

Order a report on this consortium See UNIVERSITA DEGLI STUDI DI TRENTO profile →

Next steps

Talk to the team behind this work.

Want to explore whether this GDPR compliance platform fits your data management needs? SciTransfer can connect you with the development team and provide a detailed technology brief.

Order a report on this topic More in Digital & ICT