TCA supports SMEs in industries such as legal services, finance and healthcare, where compliance with the GDPR and nFADP is essential. Many of these customers are seeking data loss prevention (DLP) solutions but have limited budgets, staff, and expertise. Existing tools are often too complex or resource intensive. TCA required a practical DLP framework that would address the limitations of SMEs while providing robust protection for sensitive data.

The work began with a literature review to define DLP concepts, identify threats and outline legal requirements. Additionally, a requirements analysis for SMEs and TCAs served as the basis for selecting the tools. Microsoft 365 Purview, Safetica and Forcepoint were evaluated, with Purview and Safetica being tested in practice. Their features, integration and usability were assessed, and the results were combined with research findings to create a step-by-step, risk-based framework for SME-friendly DLP implementation.

The analysis revealed that SMEs struggle with high costs, complexity and a lack of expertise in the field of DLP. Microsoft 365 Purview proved effective for protecting clouds and emails, especially in Microsoft-integrated environments, while Safetica offered simpler endpoint configuration and strong local protection. Forcepoint could not be practically tested but served as a reference. The framework developed includes modular steps for role definition, tool introduction and policy setup, starting with the most critical data types. The focus is on step-by-step implementation to reduce disruption, integration with existing infrastructure to reduce effort, and ongoing user training to ensure compliance. For TCA customers, the combination of Purview for Cloud/Email with Safetica for Endpoints offers a balanced approach. The framework enables SMEs to meet legal requirements, strengthen data protection, and maintain daily operations without excessive complexity or costs, providing TCA with a repeatable framework for future implementations.