Sentinel is a compliance software and information service at sentinel-firm.com. Contact: hello@sentinel-firm.com.
2. What data we collect
When you submit your email or contact us, we collect: your email address, submission date and time, and basic technical data (IP address, browser type) recorded by our hosting provider. We do not use tracking cookies or advertising scripts.
3. How we use your data
We use your email solely to respond to your compliance enquiry and to send information about Sentinel's services you have requested. We do not sell or share your data with any third party except where required by law.
4. Legal basis (GDPR)
Our legal basis is your consent under Article 6(1)(a) GDPR, given when you submit your contact details. You may withdraw consent at any time by emailing hello@sentinel-firm.com.
5. Data retention
We retain your contact information for up to 24 months from submission, or until you request deletion, whichever is sooner.
6. Your rights
Under GDPR you have the right to access, correct, delete, restrict, or port your data, and to lodge a complaint with your national data protection authority. Email hello@sentinel-firm.com to exercise any right.
7. International transfers
Data submitted to Sentinel may be processed outside the EEA. We apply appropriate safeguards in accordance with GDPR requirements.
Terms of Service
Terms of Service
Last updated: 15 June 2026
1. About Sentinel
Sentinel is a compliance software and information service at sentinel-firm.com. These terms govern your use of Sentinel's website and services.
2. Not legal advice
Sentinel is not a law firm and does not provide legal advice. All content, documents, reports, and materials are for informational and operational guidance purposes only. All documents should be reviewed by a qualified solicitor before formal reliance.
3. No guarantee of compliance
Use of Sentinel does not guarantee full regulatory compliance. You remain solely responsible for your organisation's compliance obligations.
4. Limitation of liability
Sentinel accepts no liability for regulatory fines, penalties, enforcement actions, legal costs, or business losses. Our aggregate liability shall not exceed fees paid in the three months preceding any claim.
5. Payment and cancellation
One-time project fees are payable in advance of delivery. Monthly subscriptions are billed in advance and may be cancelled at any time, effective at end of the current billing period.
6. Governing law
These terms are governed by applicable law. Disputes shall be resolved in the appropriate courts of jurisdiction.
Legal Disclaimer
Legal Disclaimer
sentinel-firm.com
Not legal advice
All information, documents, reports, and materials provided by Sentinel are for general informational and operational guidance purposes only. Nothing constitutes legal advice. Sentinel is a software and information service — not a law firm.
Professional review required
All compliance materials generated by Sentinel must be reviewed by a qualified solicitor before formal reliance. The existence of a Sentinel document does not guarantee regulatory compliance.
No liability
Sentinel accepts no liability for regulatory fines, penalties, legal proceedings, or business losses arising from use of or reliance on Sentinel's services.
Request a free compliance consultation
A 20-minute call to assess your regulatory exposure and recommend the right package. No payment. No commitment.
✓
Request received
Your email app has opened with details pre-filled to hello@sentinel-firm.com. Please send it — we'll confirm your call within one business day.
47 days remaining. EU AI Act high-risk enforcement begins August 2, 2026. Penalties up to €35M.
View compliance packages →
EU Compliance Platform · GDPR · AI Act · NIS2 · CSRD · DORA
EU compliance for every business that needs it.
European regulation is enforced. GDPR penalties have exceeded €7 billion. The AI Act is weeks away. Sentinel gives every business access to the compliance expertise that enterprise organisations rely on — at a price that makes compliance achievable.
⚠ AI Act penalties up to €35M · GDPR penalties up to €20M · Enforcement active from August 2026
Delivered in 7–21 daysFixed-price engagementsLegally validated frameworksCIPP/E certified advisors
Live — Cumulative EU GDPR penalties
€7,100,000,000
Ireland's DPC issued €652M in penalties in 2024 alone — more than half the EU total for the year. This figure increases every second as enforcement continues.
EU AI Act — High-Risk Compliance Deadline
August 2, 2026
All organisations deploying AI in high-risk applications must demonstrate full compliance by this date. Penalties reach €35M or 7% of global annual turnover.
Enterprise compliance platforms are architecturally sound. They are also designed for organisations with dedicated compliance departments, six-figure budgets, and months available for implementation.
Sentinel delivers the same compliance outcomes — AI Governance, Consent Management, Data Use Governance, Privacy Automation, Tech Risk & Compliance, and Third-Party Management — through a structured, fixed-price engagement model. Delivered in days. At a fraction of the cost.
⚡
7–21 day delivery
Traditional compliance engagements take 4–12 weeks. When the August 2 deadline is weeks away, speed is critical.
💰
Fixed-price transparency
Law firms bill at €200–500 per hour with no ceiling. A GDPR audit routinely exceeds €8,000 before a single document is produced. Sentinel: fixed price, defined scope.
🎓
CIPP/E certified advisors
Every engagement is reviewed by a CIPP/E certified EU compliance professional — the recognised qualification standard across all 27 EU member states.
Services
Every compliance obligation. One engagement.
Sentinel covers the full spectrum of EU compliance requirements. Each service is delivered as part of a fixed-price package — customised to your organisation, not a generic template.
🔍
Mandatory
Compliance Gap Assessment
A structured analysis of your organisation against GDPR, AI Act, and NIS2. Plain-English report identifying every gap, its risk level, and remediation sequence. The foundation of every Sentinel engagement.
⚠ Without this — your regulatory exposure is unknown
🤖
Deadline Aug 2
AI Act Risk Classification
Systematic inventory and risk classification of every AI system your organisation uses. Produces the technical documentation, conformity assessment preparation, and governance framework required under the AI Act.
⚠ Unclassified AI systems — immediate enforcement risk from August 2
📄
Legally mandatory
GDPR Document Suite
Article 30 Record of Processing Activities, privacy policy, data breach response procedure, and data subject rights process — all tailored to your organisation's specific processing activities.
⚠ Absence of documentation — automatic finding in any DPC investigation
🌐
GDPR mandatory
Consent & Cookie Compliance
Compliant cookie consent mechanism, privacy notice, and consent management documentation. Non-compliant cookie implementations are the most frequently reported GDPR violation to the DPC.
⚠ Most frequently reported GDPR violation in Ireland
🏛️
AI Act required
AI Governance Framework
Human oversight procedures, AI transparency documentation, model governance policies, and bias monitoring requirements — required for all organisations operating high-risk AI systems under the AI Act.
⚠ No governance framework — non-compliant from August 2, 2026
🔗
All regulations
Third-Party & Supplier Management
Assessment of supplier relationships from a data processing perspective. Production of Data Processing Agreements for all processors. Protects your organisation if a supplier fails their obligations.
⚠ Controller liability extends to processor non-compliance
🛡️
NIS2 required
Cybersecurity & NIS2 Compliance
NIS2 incident response plan, cybersecurity risk assessment, technical security measures documentation, and board-level oversight framework. NIS2 is already in force — many organisations remain unaware of their obligations.
⚠ NIS2 is enforced now — not optional
🎓
GDPR + AI Act
Staff Training & Certification
GDPR requires documented annual staff training. AI Act requires AI literacy training. Custom modules for your industry — tracked completion, certificates issued, records audit-ready.
⚠ Absence of training records — a liability in any investigation
📡
Ongoing
Regulatory Monitoring
Continuous monitoring of EU regulatory developments. Sentinel alerts you when changes create new obligations and delivers updated documentation to reflect revised requirements.
✓ Regulatory changes actioned before they affect your position
Regulations covered
Five regulations. Complete coverage.
Every EU regulation that could affect your business — covered, documented, and monitored.
GDPR
General Data Protection Regulation
Up to €20M penalty
In force since 2018
AI Act
EU Artificial Intelligence Act
Up to €35M penalty
High-risk: August 2, 2026
NIS2
Network & Information Security
Up to €10M penalty
In force now
CSRD
Corporate Sustainability Reporting
Mandatory reporting
Phased 2024–2026
DORA
Digital Operational Resilience Act
Financial sector
In force January 2025
Industries served
The organisations with the greatest regulatory exposure.
🤖
Recruitment Agencies
AI CV screening and video interview tools are explicitly classified as HIGH RISK under AI Act Annex III. 88% of Irish recruiters now use AI screening — almost none are compliant.
Annex III HIGH RISK
💻
Technology & SaaS
Customer data at scale, AI features in product, and investors require compliance documentation at Series A. Non-compliance blocks fundraising and enterprise sales.
GDPR + AI Act
💳
Fintech & Financial
GDPR + DORA + AI Act simultaneously. AI-assisted credit assessment and fraud detection carry specific high-risk AI obligations under AI Act Annex III.
GDPR · DORA · AI Act
🏥
Healthcare Clinics
Health data is special category under GDPR — highest penalties and strictest processing conditions. Any clinic using digital records or AI diagnostic tools must be fully compliant.
Special category data
⚖️
Legal Practices
Privileged and sensitive client data with increasing AI tool deployment. A law practice with a data breach faces both regulatory and professional disciplinary consequences.
Privileged data risk
📣
Marketing Agencies
Every campaign touches GDPR. Cookie tracking, email marketing, behavioural targeting, customer profiling — all require documented legal bases. Controller and processor obligations apply.
GDPR · Consent · DPA
🛒
E-Commerce
Customer data at scale, payment processing, email lists, cookie consent, AI product recommendations — you process more data than almost any other SME category.
GDPR · High-volume data
🏢
HR Software Companies
AI in performance scoring, candidate matching, or retention prediction is Annex III high-risk. Products influencing employment decisions must be compliant before August 2.
Annex III HIGH RISK
Pricing
Fixed-price compliance. No hourly billing.
Law firms charge €200–500 per hour. A GDPR review routinely costs €3,000–8,000 before a single document is produced. Sentinel delivers everything at a defined scope and fixed price.
Founding client programme
Sentinel is accepting its inaugural client engagements. Founding clients receive direct access to our senior compliance team on every aspect of their project.
Direct senior accessFounding client pricing locked in30-day post-delivery support
✓ New to compliance? Begin with a one-time project. Monthly monitoring is available once your compliance baseline is established.
1–50 employees
Starter Engagement
AI Act Starter
€1,500
Fixed fee · Delivered within 7 business days
Law firm equivalent: €4,000–8,000+
AI system inventory across all tools in use
Risk classification under the EU AI Act
Compliance gap analysis — structured report
AI governance policy document
Privacy policy review and update
Delivery call with our team
30 days post-delivery email support
Law firm equivalent: €4,000–8,000+
10–150 employees
Most requested
AI Act Ready
€4,000
Fixed fee · Delivered within 14 business days
Law firm equivalent: €15,000–25,000+
All AI Act Starter deliverables
Complete AI Act documentation suite
Human oversight procedures
AI transparency notices
GDPR Article 30 Processing Register
Data breach response procedure
Staff AI literacy training module
Data Processing Agreements — 3 suppliers
Compliance evidence folder — audit-ready
Two delivery calls with our team
30 days post-delivery email support
Law firm equivalent: €15,000–25,000+
150–500 employees
Comprehensive
Full Compliance
€8,000
Fixed fee · Delivered within 21 business days
Law firm equivalent: €40,000–60,000+
All AI Act Ready deliverables
GDPR, AI Act, and NIS2 full coverage
NIS2 cybersecurity policy and incident plan
Supplier assessments — up to 10
Board compliance summary report
Staff GDPR training with certificates
Data Protection Officer advisory session
30 days post-delivery email support
Law firm equivalent: €40,000–60,000+
Monthly retainers are for organisations with an established compliance baseline. New to compliance?
Up to 100 employees
Starter Retainer
Sentinel Starter
€299/mo
Monthly · Cancel with one month's notice
€3,588/year — less than one solicitor consultation
Monthly regulatory update briefings
Document updates when guidance changes
Compliance status monitoring
Email advisory — one business day response
Annual compliance review consultation
100–250 employees
Growth Retainer
Sentinel Growth
€799/mo
Monthly · Annual plan available — ask for details
90% cheaper than a law firm monthly retainer
All Starter Retainer services
GDPR, AI Act, and NIS2 monitoring
Full document suite updates on regulatory change
New AI system risk assessments on request
Supplier assessments — up to 5 per month
Staff training module maintenance
Quarterly compliance review consultation
Law firm retainer: €3,000–8,000/month
🏢
Enterprise
Bespoke
For 250+ employee organisations requiring dedicated compliance management, multi-jurisdiction coverage, CSRD, and DORA.
Annual retainer: Commit annually and pay the equivalent of €208/month on the Growth plan — saving €1,089 versus the monthly rate. Ask about annual pricing on your call.
Sentinel provides compliance software and information services — not legal advice. All documentation should be reviewed by a qualified solicitor before formal reliance.
Full disclaimer →
Sentinel · EU Regulatory Risk Assessment
What is your organisation's estimated penalty exposure?
Answer 6 questions. Receive an evidence-based estimate of your exposure under GDPR and the EU AI Act — calculated on the actual legal penalty framework, not headline maximum figures.
⚖️ Based on GDPR Article 83 and EU AI Act Article 99 penalty framework. Does not constitute legal advice.
Question 1 of 6
Question 1 of 6
How many employees does your organisation have?
Company size is a primary factor in penalty calculation. EU AI Act Article 99(6) explicitly provides that SMEs receive proportionally adjusted penalties — for SMEs, fines are capped at the lower of the fixed amount or the revenue percentage, not the higher. This significantly affects your realistic maximum exposure.
1–10 employees
Micro-enterprise
SME AI Act protections apply in full
11–50 employees
Small enterprise
SME AI Act protections apply in full
51–250 employees
Medium enterprise
SME protections likely apply
250+ employees
Large organisation
Standard calculation — higher of fixed or % applies
Question 2 of 6
What is your organisation's approximate annual revenue?
GDPR penalties are calculated as up to 4% of global annual turnover. AI Act penalties for SMEs are the lower of the fixed amount or the percentage — meaning this figure directly determines your realistic maximum exposure, not the headline figures. Enter your best estimate.
€
€200K€500K€1M€3M€10M€50M
Question 3 of 6
What categories of personal data does your organisation process?
GDPR distinguishes between standard personal data and special categories. Special category data — health, financial, biometric, children's data — attracts significantly higher penalties and triggers stricter processing conditions. Select all that apply.
Basic contact data
Names, email addresses, phone numbers, postal addresses
Data relating to minors — attracts highest regulatory scrutiny
Special category data — severe penalty exposure
Question 4 of 6
Which AI systems does your organisation currently use or deploy?
The EU AI Act classifies AI systems by risk level. Annex III explicitly identifies high-risk applications — recruitment, credit assessment, healthcare, and public-facing decisions. These require full compliance documentation by August 2, 2026. Select all that apply.
None — we do not use AI tools
No AI exposure under the EU AI Act
General productivity AI (e.g. ChatGPT, Copilot, Gemini)
Used internally for drafting, summarisation, or research — limited or minimal risk
⚠ Annex III HIGH RISK — full compliance required by August 2, 2026
AI in healthcare or medical applications
Diagnostic support, patient triage, clinical decision support, medical imaging
⚠ Annex III HIGH RISK — full compliance required by August 2, 2026
AI customer service or chatbots
Automated customer support, virtual assistants, complaint handling AI
Question 5 of 6
Which compliance documents does your organisation currently have in place?
Existing compliance documentation is one of the primary mitigating factors under GDPR Article 83(2)(c) and AI Act Article 99. Regulators treat documented good-faith compliance efforts significantly more favourably. Each document you have reduces your estimated exposure.
GDPR-compliant privacy policy
Published on your website, covering all required information
✓ Reduces estimated exposure
Article 30 Record of Processing Activities
Documented register of all data processing activities, purposes, and legal bases
✓ Reduces estimated exposure — first document the DPC requests
Data breach response procedure
Documented procedure for identifying and notifying breaches within 72 hours
✓ Reduces estimated exposure
Compliant cookie consent mechanism
Genuine opt-in consent — no pre-ticked boxes, equal accept/reject options
✓ Reduces estimated exposure
Documented staff GDPR training records
Evidence of annual training with completion records
✓ Reduces estimated exposure
AI system inventory and risk classification
Documented inventory with risk classifications under the AI Act
✓ Significantly reduces AI Act exposure
Question 6 of 6
Has your organisation previously been subject to DPC investigation, complaint, or enforcement action?
Prior regulatory history is an explicit aggravating factor under GDPR Article 83(2)(i) and (j). A clean regulatory history is a mitigating factor that reduces penalty calculation.
No previous complaints, investigations, or enforcement actions
Clean regulatory history
Mitigating factor in fine calculation
A complaint or enquiry has been received
A complaint has been lodged but no formal finding has been made
A formal DPC investigation has been conducted
The DPC has opened or conducted a formal investigation
Sentinel combines advanced AI generation with professional compliance review. Every engagement is supported by CIPP/E certified compliance advisors — ensuring documentation meets the standards regulators and legal professionals expect.
🎓
CIPP/E Certified Advisors
Every Sentinel engagement is reviewed by a CIPP/E certified compliance professional. CIPP/E — Certified Information Privacy Professional (Europe) — is the recognised qualification standard for EU data protection and privacy compliance, awarded by the International Association of Privacy Professionals (IAPP).
⚖️
Legally Validated Frameworks
All document frameworks and templates are built against the current text of the applicable regulation. They are validated for accuracy before use and reviewed on a quarterly basis as regulatory guidance evolves. AI generates. Qualified professionals verify.
🔄
Quarterly Review Cycle
EU regulatory guidance changes continuously — the DPC alone issued 11 updates in 2024. All Sentinel document frameworks are reviewed quarterly to ensure they reflect the current regulatory position. AI Act implementation guidance is tracked as it is published through 2026 and 2027.
🤝
Solicitor Collaboration Model
Sentinel produces the substantive compliance documentation. Your solicitor reviews the finished suite and confirms legal readiness — typically 1–2 hours of their time rather than 20+ hours of original drafting. Professional oversight is maintained at a fraction of the cost.
What CIPP/E certification means for your organisation
The CIPP/E credential is awarded by the International Association of Privacy Professionals (IAPP) — the world's largest privacy professional organisation. It represents demonstrated knowledge of European data protection law, regulatory framework, and compliance practice. It is the qualification standard recognised by data protection authorities and legal professionals across the EU. When a Sentinel compliance advisor reviews your documentation, they bring this qualification and the current regulatory knowledge it represents.
✓
Recognised across all 27 EU member states
CIPP/E is the accepted professional standard for privacy compliance expertise throughout the European Union.
✓
Current regulatory knowledge maintained
Certification requires ongoing professional development — advisors remain current as regulations evolve.
✓
Every engagement reviewed before delivery
No Sentinel compliance pack is delivered without review by a CIPP/E certified advisor.
✓
Transparent about what we provide
Sentinel provides compliance software and information services — not legal advice. We always recommend solicitor review before formal reliance.
Frequently asked questions
Common questions answered.
Does the EU AI Act apply if we only use tools like ChatGPT?+
Yes. The AI Act applies to any organisation that deploys or uses AI systems — not solely to organisations that develop AI. If your organisation uses ChatGPT for client-facing communications, AI-assisted recruitment, AI-powered customer service, or any AI system that influences decisions about individuals, you have obligations under the Act. At minimum you must maintain an inventory and risk classification. High-risk applications require full documentation by August 2, 2026.
How does Sentinel's pricing compare to engaging a law firm?+
Law firms bill at €200–500 per hour. A GDPR compliance review routinely costs €5,000–15,000 in billable time. The AI Act documentation requirements add further scope. Sentinel's AI Act Ready package at €4,000 covers the equivalent documentation — defined scope, fixed price, 14-day delivery. The cost differential reflects the efficiency of our AI-assisted production model, reviewed by qualified compliance professionals, rather than traditional hourly billing.
Is Sentinel a law firm? Will I still need a solicitor?+
Sentinel is a compliance software and information service — not a law firm. We strongly recommend that all clients have their compliance documentation reviewed by a qualified solicitor before formal reliance. Sentinel makes this practical and affordable: your solicitor reviews a complete, professionally structured suite in 1–2 hours rather than drafting from first principles over 20+ hours. You retain professional oversight at approximately 10% of a full legal engagement cost.
What if the DPC contacts our organisation?+
Organisations with a Sentinel compliance pack are substantially better positioned. You will have: a documented Article 30 record, a data breach response procedure, evidence of staff training, an AI system inventory with risk classifications, and a structured evidence folder available for immediate production. DPC investigations take genuine, documented compliance effort into account when determining sanctions — organisations demonstrating good-faith compliance efforts are significantly less likely to receive the maximum penalty.
Do we require monthly monitoring or is a one-time engagement sufficient?+
For most organisations, a one-time project engagement establishes the compliance baseline. Monthly monitoring becomes operationally important when: you are growing rapidly and introducing new AI systems; you require automatic document updates as regulations evolve (the AI Act is implemented in phases through 2026 and 2027); or you need ongoing assurance your position remains current. We will advise you honestly on your consultation call whether ongoing monitoring is warranted.
Our organisation is not based in Ireland — do EU regulations still apply?+
Yes, in most cases. GDPR applies to any organisation that processes personal data of EU residents regardless of where the organisation is established. The AI Act applies to any AI system placed on the EU market or put into service in the EU — including systems operated by non-EU organisations. If your organisation has EU customers, EU employees, or EU-based operations of any kind, you have EU compliance obligations.
What is the realistic timeline to achieve compliance before August 2, 2026?+
The AI Act Starter package is delivered within 7 business days. AI Act Ready within 14 business days. Full Compliance within 21 business days. There is sufficient time to achieve compliance before the August 2 deadline — but the window is finite. Request a consultation and we will confirm your specific timeline and confirm that your organisation can be compliant before enforcement begins.
Contact Sentinel
Request a free compliance consultation.
A 20-minute call with our compliance team to assess your regulatory exposure, identify your gaps, and recommend the appropriate package. No payment required. No commitment.
We respond to all enquiries within one business day to confirm your consultation time. No automated responses — every enquiry is reviewed by our compliance team.
⏰ August 2, 2026 — 47 days remaining
If you want to be compliant before the AI Act enforcement date, enquire today. Delivery timelines range from 7 to 21 business days depending on the package selected.
Request a free consultation
Complete the form below and we will be in touch within one business day to confirm your appointment.
✓
Request received
Your email app has opened with your details pre-filled to hello@sentinel-firm.com. Please send it — we will confirm your consultation within one business day.
Legal Notice & Disclaimer
Sentinel is not a law firm and does not provide legal advice. All content, documents, reports, gap analyses, risk assessments, AI Act compliance packs, governance policies, and other materials provided through Sentinel's services are for informational and operational guidance purposes only and do not constitute legal advice. All documents should be reviewed by a qualified solicitor in your jurisdiction before formal implementation or submission to any regulatory authority. Use of Sentinel's services does not constitute or guarantee regulatory compliance. Sentinel accepts no liability for regulatory penalties, enforcement actions, or business losses. Sentinel is a compliance software and information service operating via sentinel-firm.com.
Terms of Service ·
Privacy Policy ·
Legal Disclaimer
