In these pages we will offer simple guidance to help newcomers understand what SENTINEL is about, how it works, and how you can achieve different tasks.
What is SENTINEL and why do I need it?
SENTINEL aspires to be European SMEs' one-stop shop for cybersecurity and GDPR-related recommendations.
It offers SMEs four value propositions:
- Education about data protection requirements and, specifically, (a) why individuals' data and privacy need protection; (b) how the SME's personal data processing activities may affect data subjects' privacy; and (c) what needs to be done in terms of organisational and technical measures, as well as training and education, to improve data protection and privacy.
- A toolkit for evidence-based GDPR compliance. SENTINEL offers SMEs two approaches for data protection compliance: (a) a simple Record of Processing Activities (ROPA) to help businesses comply with Art. 30 of the GDPR for keeping records of how personal data is processed and the nature and intention of data processing activities; and (b) a mapping between the identified data protection requirements and the specific recommended organisational and technical measures, training material, and software and tools to satisfy them.
- Cutting costs by acquainting SME leaders, those responsible for data protection, and technical personnel with data protection compliance, thus saving on consultancy, training and education costs. As an example, an SME stakeholder who has completed a full user journey will have a more holistic understanding of the EU's data protection requirements, their GDPR compliance level, the risk associated with their Processing Activities and the organisation as a whole, and the measures they need to take to strengthen their compliance and their overall privacy and security stance.
- Increased cybersecurity awareness and education through enterprise-grade tools adapted for SMEs, such as the Airbus CyberRange and Mitigate.
SENTINEL is addressed to:
- SME stakeholders with high-level decision-making capacity on the organisation's data processing activities, such as directors, CEOs, CTOs or similar.
- Data Protection Officers (DPOs).
- EU representatives for the protection of personal data.
- Technical/IT personnel tasked with maintaining cyber assets and/or implementing technical measures for data protection.
- SME personnel looking to better understand the nature and GDPR compliance level of the data processing done by the SME and acquire recommendations.
- SME personnel looking to improve their cybersecurity and data protection practices.
SENTINEL users are invited to follow a relatively linear pipeline of actions, all of which both raise awareness and contribute actionable recommendations for their organisation. This pipeline may be summarily described as follows:
- Create a complete profile for your organisation.
- Create and populate one or more personal data processing activities (PAs).
- Commit at least one PA to the permanent record of processing activities (ROPA).
- Execute one or more self-assessments:
  - GDPR Compliance Self-Assessment.
  - DPIA.
  - Cybersecurity Risk Assessment (CSRA).
- SENTINEL leverages data gathered during the previous steps to calculate recommendations of measures, software and training material, tailored to your organisation. These may be browsed under "Policy".
- SENTINEL also keeps track of which recommended measures are implemented by each organisation, and which measures are still pending.
- Explore the CyberRange interface to recreate the cyber setup of your organisation and learn how to do cyber defense. Play around in the new CyberRange gaming interface to discover best cyber defense practices in action.
- Browse the Observatory for:
  - Up-to-date information on the latest threats and vulnerabilities data from open threat intelligence platforms (for expert and technical cybersecurity staff).
  - Handling incidents and reporting/sharing them to the appropriate communities.
  - Selected and curated content and training material on best practices for cybersecurity and data protection.
- Finally, if you have installed and integrated a compatible cybersecurity infrastructure monitoring plugin, such as Security Infusion, you will be able to receive security notifications.
The above will help raise your awareness and focus your efforts on what matters most for protecting personal data within your SME, without wasting resources on exploratory activities. We hope you will use the hypertext capabilities of this Wiki to jump into the sections most relevant to you and get genuinely useful assistance, fast.
Feeling ready? Start here!