On 24th August 2022 project partners in the ARC project (Croatian Personal Data Protection Agency, Data Protection Commission Ireland, Vrije University Brussel) held a hybrid wrap-up meeting in Brussels. The goal was to take stock of project results, determine actions that need to be taken for the successful completion of the project and to exchange experiences and insights regarding GDPR implementation in SMEs with stakeholders, as well as to disseminate the project results.
The main goal of the ARC project co-financed under the EU “Rights, Equality and Citizenship Programme, was to provide support to small and medium-sized enterprises in aligning their business processes with the data protection legal framework.
The meeting was attended by representatives of the European Commission, the European Data Protection Board, data protection authorities, SMEs, legal practitioners and representatives of the Croatian Chamber of Economy and the Croatian Employers’ Association.
Zdravko Vukić, director of the Croatian Personal Data Protection Agency, Igor Vulje, member of the ARC Steering Committee, Prof. Dr. Paul de Hert, Vrije University Brussel, member of the ARC Steering Committee, Bruno Gencarelli, Deputy to the Director for Fundamentals Rights and the Rule of Law, and Head of the International Data Flows and Protection unit at the European Commission gave opening speeches and the results of the project were presented by project manager Anamarija Mladinić, Croatian DPA, MB Donnelly, Assistant Commissioner, Data Protection Commission, member of the ARC Steering Committee and Ashwinee Kumar on behalf of the Vrije University Brussel.
Why the ARC project? It has been more than 4 years since GDPR came into effect, but SMEs in Croatia and Ireland, as well as throughout the EU, still struggle with understanding of their obligations arising from the GDPR and aligning their business processes with the data protection legal framework. Unlike large companies, small and medium-sized enterprises very often lack the human and financial resources needed for the implementation of the GDPR.
European Commission acknowledges that GDPR is challenging especially for SMEs, therefore financially supports the activities of data protection authorities aimed at underpinning SMEs in their efforts to comply with the GDPR.
The European Commission encourages data protection authorities to develop practical tools, especially digital tools that can be replicated in other Member States, practical guidance written in plain language, templates and forms to help low-risk SMEs meet their obligations.
All participants agreed that the ARC project was very successful and that contributed to the improvement of the GDPR compliance in SMEs. However, the level of compliance is still not at satisfactory level among Croatian SMEs. For that reason, the Croatian DPA will continue to conduct educational activities and awareness-raising activities within project ARC II.
Summary of the ARC project:
Project is divided in 5 work packages:
WP1 Project management & coordination: After Kick-off meeting report, Progress report, After Coordination meetings reports, The Steering Committee terms of reference, Wrap-up meeting report
WP2 Identification of target groups and surveys: Survey report conducted with Croatian and Irish SMEs, Topics for materials for consultations
WP3 Educational materials preparation and awareness campaign: Materials for onsite consultations for SMEs, 32 awareness-raising onsite consultations
WP4
FINAL OUTPUT: Conferences in Zagreb and Dublin, Publication- a collection of materials helpful in the implementation of the GDPR, Publication with the statistical data
WP5 DISSEMINATION AND COMMUNICATION: Website of the project and Tools for media campaign, animated promotional video
Project results:
- 31 workshops (consultations) conducted for SMEs from all over the Republic of Croatia, more than 2000 participants (10 onsite, 21 online due to pandemic restrictions), 14 online workshops (consultations) for Irish SMEs, more than 1000 participants
- Full support of the Croatian Chamber of Economy (sending invitations for workshops, registration of participants, technical support, providing venue for workshops free of charge, press releases, newsletters)
- Additional value: records of the workshops for the Croatian SMEs available at: https://digitalnakomora.hr/e-ucenje/baza-znanja, educational portal of the Croatian Chamber of Economy, available for free to all the Croatian SMEs
- ARC project website developed https://arc-rec-project.eu/ with guidance and educational materials for SMEs: Guidance on Information security, Guidance on cookies, Guidance on videosurveillance, GDPR-short guidance, Guidance – How to draft privacy policy, Guidance- Data protection principles, Gudiance- Data breach notifications, self-assesment checklist on compliance with the GDPR, self-assessment checklist on technical and organisational measures (AZOP, DPC and VUB), infographics, templates, FAQs and presentations
- Additional value: mobile application GDPR CROATIA with all the materials developed within the ARC project
- Digital media campaign: Facebook, Twitter, LinkedIn, newsletters, publications in digital and print media (AZOP, DPC, VUB)
- Animated promo movie developed (AZOP, DPC, VUB)
Goals achieved:
- Increased knowledge and improved understanding on data protection among Croatian and Irish SMEs
- Increased level of awareness on personal data protection among general public
- Needs of the target group identified through survey and workshops with SMEs
- Developed educational materials: guidance, guidelines, templates, infographics self assessment questionnaires tailored to the needs of SMEs
- Consultations (workshops) conducted, organized 2 conferences
- Croatian and Irish SMEs received concrete help and support in implementing the GDPR
- Dissemination of project results through media and social media to reach as many SMEs as possible and communicate about the project results
