Project ARC – AWARENESS RAISING CAMPAIGN FOR SMEs
PROGRAMME: RIGHTS, EQUALITY AND CITIZENSHIP 2014-2019
DURATION OF THE PROJECT: 24 MONTHS, FROM MARCH 2020 UNTIL MARCH 2022
COORDINATOR: AGENCIJA ZA ZAŠTITU OSOBNIH PODATAKA (AZOP)
BENEFICIARIES: DATA PROTECTION COMMISSION IRELAND (DPC), VRIJE UNIVERSITY BRUXELLES (VUB)
BACKGROUND:
Considering Regulation (EU) 2016/679 on the protection of natural persons regarding the processing and free movement of personal data (General Data Protection Regulation, GDPR), national Data Protection Authorities (DPAs) are required to take action to reach stakeholders through awareness-raising activities among business entities, in particular geared toward small and medium-sized enterprises (SMEs).
The new European regulation – GDPR – is the most important change in data privacy regulation in the last few decades. It harmonizes the data privacy laws across Europe; it will protect and empower all EU citizens data privacy and will reshape the way SMEs across the region approach data privacy. Failure of SMEs to prepare themselves for the adequate implementation of the policies and regulations concerning the data and processes they deal with, shall have great impact towards the growth of the SMEs customer relationship, client satisfaction, trust and brand image, and the economy in general. For these reasons, the GDPR’s adequate implementation and a “step-by-step” guided methodology shall have great impact not only on the SMEs GDPR compliance, but on their reliability and trustworthiness as a business partner to work with.
Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka-AZOP) and Data Protection Commission Ireland during their every day work noticed that there is still a lot of ambiguity in the application of the GDPR by the SMEs. These findings are also supported by a large number of written queries and even greater number of phone calls which this two authorities receive on daily basis. It is essential to emphasize that SMEs are still struggling with the implementation of the GDPR and sometimes do not even know how to begin in order to align their business activities with the GDPR requirements.
The issues, which are often discussed when we talk about SMEs and their doubts regarding dana protection are related to processing of employees personal data, especially sensitive categories as biometric and health data, video surveillance systems in the working environment, working time records, monitoring of employees electronic communication, data processing that represent high risk for individuals, data processing for marketing purposes, designation of the data protection officer, the content of the record of processing activities, distinction between the function of controller and the processor, the content of the privacy policy etc.
Through this project AZOP and DPC will have an additional opportunity to help these subjects in full GDPR implementation and in understanding the importance of the personal data protection.
The goal of the survey conducted at the beginning of the project is better understanding and assessment of the specific needs the SMEs have so we can fine tune the rest of the planned project activities. VUB experts have additional experience in running analytical projects, which will be extremely important in the implementation of WP 2, that is, conducting a survey of needs among SMEs and analysing its results. VUB’s involvement in the project will provide substantive support. Also, VUB is engaged in the preparatory processes of the educational materials, in particular concerning the connection of ARC with other projects, funded by the REC-RDAT-TRAI-AG topic, with special attention to STAR and STAR II (http://www.project-star.eu/). Such connection will allow the ARC consortium not only to develop educational materials but effectively build on the findings of previous projects, facilitating thus a harmonized approach among EU DPAs to ensure compliance with the GDPR and data protection practices of SMEs.
OVERALL OBJECTIVE: is enabling the Croatian and Irish DPAs in raising awareness about GDPR compliance among SMEs in Croatia and Ireland, as well as providing direct guidance to these businesses on practical implementation of the personal data protection laws.
MAIN ACTIVITIES:
– Reaching the target group for the purpose of conducting a survey
– Examining SMEs awareness on personal data protection and implementing GDPR
– Confirmation of previously identified needs and determination of new ones
– Providing materials for consultation participants
– Help SMEs in implementing GDPR through direct consultations
– Exchange of experiences and showing the best practices regarding the implementation of GDPR for SMEs, presentations of experts in the field of personal data protection
– Creating a website as a tool for effective information and promotion of the project and sharing materials for SMEs and providing materials for website of the project
– Dissemination of information about the project in order to reach as many interested SMEs as possible and communicate about the project results
EXPECTED RESULTS:
– increased knowledge and understanding among business stakeholders, in particular small and medium-sized enterprises, about data protection rules;
– increased awareness of data protection among the general public