SupporT small And medium enterprises on the data protection Reform II



The EU General Data Protection Regulation (Regulation EU 2016/679 – GDPR) became applicable on 25 May 2018. One of the main goals of an EU Regulation is to ensure that a uniform, and not simply harmonised, law applies throughout the Union and, with particular regard to data protection, leads to residents of each Member State being able to enjoy and to enforce the same set of rights.

The GDPR will impact all functions in every organisation in Europe and potentially overseas. In fact, companies bear the burden in terms of adopting the correct measures to ensure adequate compliance with this legislation. While multinational corporations and big companies seem to have embarked in extensive audit and implementation programmes, Small and Medium Enterprises (SMEs) seem to lag behind not only with regard to taking action, but also in terms of sheer awareness of the GDPR’s impact on their organisation.



The STAR II project aims to tackle lack of awareness by creating several awareness-raising tools and campaigns targeting SMEs throughout Europe and overseas. This final objective will be achieved by working on four sub-objectives:

  • Reviewing the state of the art in Data Protection Authorities’ (DPAs) awareness-raising activities, including conducting stakeholder engagement activities to hear their points of view and planning effective, subsequent activities
  • Reaching out to a statistically-relevant sample of SMEs to analyse their experience with the GDPR in the first months of its applicability
  • Running awareness-raising campaigns to ensure that the widest possible number of companies knows about their obligations under the GDPR regime
  • Assist SMEs by setting up a trial hotline to respond to SMEs’ questions and doubts
  • Assist DPAs by creating a digital guide containing information on the best practices in running a hotline and running awareness-raising campaigns.
  • Providing a solid base for GDPR implementation by creating an innovative, FAQ-based handbook for SMEs on EU personal data protection law

The research consortium, composed of the Hungarian Data Protection Authority (coordinator), the Free University of Brussels, and Trilateral Research, is convinced that achieving these ambitious objectives is a necessary step towards a harmonised implementation of the GDPR by companies in the Union.


Our Role

Building upon our longstanding and fruitful collaboration with DPAs across Europe and beyond in the STAR and PHAEDRA I and II projects, as well as its proven knowledge and expertise in data protection, Trilateral Research is leading the state-of-the-art mapping and stakeholder-engagement activities of STAR II, which includes analysing the DPAs’ GDPR-awareness raising activities for SMEs and interviewing a relevant group of SMEs and SME associations.

Moreover, our team is actively contributing to the development of a hotline/service-desk service for SMEs to contact the consortium and request information on the GDPR.

Finally, Trilateral Research is leading the project’s dissemination and outreach work, which will ensure that all stakeholders are apprised of the final outputs of the project, and that the project deliverables are taken into adequate consideration in the regulatory, academic, and commercial worlds.



The consortium will draft several reports at the conclusion of each phase of the project. Beyond those reports, the project will produce the following outputs:

  • preparation and running of awareness-raising campaign for SMEs
  • preparation and running of an advisory hotline for SMEs
  • drafting and validation of a best-practices guide for DPAs
  • drafting and validation of a GDPR handbook for SMEs



For more information and updates visit the STAR project website and follow us on Twitter @projectSTAR_eu


STAR II’s CPDP Panel: ‘The GDPR is easy: (Un)tangling SMEs compliance hurdles’

STAR II’s CPDP Panel: ‘The GDPR is easy: (Un)tangling SMEs compliance hurdles’

On 22 January 2020, the STAR II project jointly hosted with the Horizon2020 SMOOTH project, a panel at the 13th
GDPR challenges SMEs

What are the challenges that SMEs are facing in complying with the GDPR? A view from the field

Since the GDPR came into force in May 2018, organisations of all sizes have been grappling with the principle-based regulation.
GDPR training

Developing GDPR training materials for data protection authorities

We are delighted to introduce the STAR GDPR training material. As a result of the collaboration between the Law, Science,


Please contact our team for more information:

David Barnard-Wills, Senior Research Manager at Trilateral Research

The STAR II project – Support Small and Medium Enterprises on the Data Protection Reform II – has received funding from the European Union’s Rights, Equality and Citizenship Programme 2014-2020, under grant agreement No. 814775

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.