Small and medium-sized companies often feel they lack the resources or the expertise to manage their data protection obligations. In this user-friendly and free to download handbook, we offer guidance and practical suggestions for small and medium-sized enterprises (SMEs) that could facilitate compliance with the General Data Protection Regulation (GDPR). The Handbook explains how to navigate the barrage of resources available on GDPR. In doing so it provides an overview of the main actors in the European data protection landscape. It also clarifies the scope of data protection law and the scope of its application to SMEs. The Handbook introduces concepts and principles that form the crux of personal data protection legal framework and then it unpacks the theory and practice of the risk-based approach to personal data protection.
The Handbook goes beyond describing GDPR provisions and obligations stemming from them. It includes a set of proactive measures that were put forward by European DPAs and bodies. In addition, it provides references to other publicly available (open access) resources that also provide practical suggestions.