Small and medium-sized companies have data protection responsibilities under the GDPR. EU Data protection authorities have a legal duty to raise awareness and educate about these issues. Based upon interviews and surveys Trilateral conducted with SMEs, data protection authorities, data protection officers and industry bodies, this paper explored their perceptions and concerns. In this paper we explored the potential advantages for authorities and for companies, that can be gained by increased collaboration between data protection authorities and SME organisations, sector and industry bodies. The paper also presents the state of the art in the methods and channels that data protection authorities use to reach SMEs.
