DPL17 001 Star II baseline cmyk 300x119 1


General Data Protection Regulation (GDPR): what are the challenges?

The EU General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that requires organisations to safeguard personal data and uphold the privacy rights of anyone in EU territory.

The GDPR has impacted the functions of organisations across Europe, particularly Small and Medium Enterprises (SMEs). However, while multinational corporations and big companies have embarked in extensive audit and implementation programmes to ensure adequate compliance with this new legislation; SMEs seem to lack awareness of the GDPR’s impact on their organisation and are lagging behind in taking necessary actions to adopt the new measures.

Upholding GDPR in small and medium enterprises

How can we support SMEs to increase their awareness of, and implement the GDPR?

The STAR II project will support SMEs in adopting the GDPR by reviewing state of the art in awareness-raising activities and planning effective, subsequent activities, including:

  • Awareness-raising campaigns to ensure that the widest possible number of companies know about their obligations under the GDPR regime
  • Trial hotline to respond to SME’s questions and doubts
  • Digital guide and FAQ based handbook for SME’s on EU personal data protection law
  • Reviewing the state of the art in Data Protection Authorities’ (DPAs) awareness-raising activities, including conducting stakeholder engagement activities to hear their points of view and planning effective, subsequent activities
  • Reaching out to a statistically-relevant sample of SMEs to analyse their experience with the GDPR in the first months of its applicability
  • Running awareness-raising campaigns to ensure that the widest possible number of companies knows about their obligations under the GDPR regime
  • Assist SMEs by setting up a trial hotline to respond to SMEs’ questions and doubts
  • Assist DPAs by creating a digital guide containing information on the best practices in running a hotline and running awareness-raising campaigns.
  • Providing a solid base for GDPR implementation by creating an innovative, FAQ-based handbook for SMEs on EU personal data protection law

Working with end-users to assess their needs

Trilateral hosts semi-structured interviews with Data Protection Advisors to understand the complexities and challenges SMEs face with regards to implementing and upholding the EU data protection reform package.

The interviews deepen and clarify the scope of awareness-raising and assistance required for the implementation of GDPR within SMEs.

Enhancing impact by creating knowledge exchange opportunities for data protection authorities and small and medium enterprises

Trilateral works on enhancing the project findings by creating a network including data protection advisors and SMEs representatives, amplifying STAR II’s results and encouraging the uptake of the project’s resources to increase awareness of the GDPR and support SMEs in successfully complying with the new legislation.

EU flag yellow low e1523448262817
The STAR II project - Support Small and Medium Enterprises on the Data Protection Reform II - has received funding from the European Union’s Rights, Equality and Citizenship Programme 2014-2020, under grant agreement No. 814775

Learn more about our research in the field of

Ethics, Human Rights & Emerging Technologies

Let's discuss your career