Project ARC – AWARENESS RAISING CAMPAIGN FOR SMEs
Webiste: https://arc-rec-project.eu/
PROGRAMME: RIGHTS, EQUALITY AND CITIZENSHIP 2014-2019
DURATION OF THE PROJECT: 24 MONTHS, FROM MARCH 2020 UNTIL MARCH 2022
COORDINATOR: AGENCIJA ZA ZAŠTITU OSOBNIH PODATAKA (AZOP)- CROATIAN PERSONAL DATA PROTECTION AGENCY
BENEFICIARIES: DATA PROTECTION COMMISSION IRELAND (DPC), VRIJE UNIVERSITY BRUXELLES (VUB)
BACKGROUND:
Considering Regulation (EU) 2016/679 on the protection of natural persons regarding the processing and free movement of personal data (General Data Protection Regulation, GDPR), national Data Protection Authorities (DPAs) are required to take action to reach stakeholders through awareness-raising activities among business entities, in particular geared toward small and medium-sized enterprises (SMEs).
The new European regulation – GDPR – is the most important change in data privacy regulation in the last few decades. It harmonizes the data privacy laws across Europe; it will protect and empower all EU citizens data privacy and will reshape the way SMEs across the region approach data privacy. Failure of SMEs to prepare themselves for the adequate implementation of the policies and regulations concerning the data and processes they deal with, shall have great impact towards the growth of the SMEs customer relationship, client satisfaction, trust and brand image, and the economy in general. For these reasons, the GDPR’s adequate implementation and a “step-by-step” guided methodology shall have great impact not only on the SMEs GDPR compliance, but on their reliability and trustworthiness as a business partner to work with.
Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka-AZOP) and Data Protection Commission Ireland during their every day work noticed that there is still a lot of ambiguities in the application of the GDPR by the SMEs. These findings are also supported by a large number of written queries and even greater number of phone calls which this two authorities receive on daily basis. It is essential to emphasize that SMEs are still struggling with the implementation of the GDPR and sometimes do not even know how to begin in order to align their business activities with the GDPR requirements.
The issues, which are often discussed when we talk about SMEs and their doubts regarding data protection are related to processing of employees personal data, especially sensitive categories as biometric and health data, video surveillance systems in the working environment, working time records, monitoring of employees electronic communication, data processing that represent high risk for individuals, data processing for marketing purposes, designation of the data protection officer, the content of the record of processing activities, distinction between the function of controller and the processor, the content of the privacy policy etc.
Through this project AZOP and DPC will have an additional opportunity to help these subjects in full GDPR implementation and in understanding the importance of the personal data protection.
OVERALL OBJECTIVE: is enabling the Croatian and Irish DPAs in raising awareness about GDPR compliance among SMEs in Croatia and Ireland, as well as providing direct guidance to these businesses on practical implementation of the personal data protection laws.
MAIN ACTIVITIES:
– Reaching the target group for the purpose of conducting a survey
– Examining SMEs awareness on personal data protection and implementing GDPR
– Confirmation of previously identified needs and determination of new ones
– Providing materials for consultation participants
– Help SMEs in implementing GDPR through direct consultations
– Exchange of experiences and showing the best practices regarding the implementation of GDPR for SMEs, presentations of experts in the field of personal data protection
– Creating a website as a tool for effective information and promotion of the project and sharing materials for SMEs and providing materials for website of the project
– Dissemination of information about the project in order to reach as many interested SMEs as possible and communicate about the project results
EXPECTED RESULTS:
– increased knowledge and understanding among business stakeholders, in particular small and medium-sized enterprises, about data protection rules;
– increased awareness of data protection among the general public