SupporT small And medium enterprises on the data protection Reform II

General Data Protection Regulation (GDPR): what are the challenges?

The EU General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that requires organisations to safeguard personal data and uphold the privacy rights of anyone in EU territory.

The GDPR has impacted the functions of organisations across Europe, particularly Small and Medium Enterprises (SMEs). However, while multinational corporations and big companies have embarked in extensive audit and implementation programmes to ensure adequate compliance with this new legislation; SMEs seem to lack awareness of the GDPR’s impact on their organisation and are lagging behind in taking necessary actions to adopt the new measures.


Upholding GDPR in small and medium enterprises

How can we support SMEs to increase their awareness of, and implement the GDPR?

The STAR II project will support SMEs in adopting the GDPR by reviewing state of the art in awareness-raising activities and planning effective, subsequent activities, including:

  • Awareness-raising campaigns to ensure that the widest possible number of companies know about their obligations under the GDPR regime
  • Trial hotline to respond to SME’s questions and doubts
  • Digital guide and FAQ based handbook for SME’s on EU personal data protection law
  • Reviewing the state of the art in Data Protection Authorities’ (DPAs) awareness-raising activities, including conducting stakeholder engagement activities to hear their points of view and planning effective, subsequent activities
  • Reaching out to a statistically-relevant sample of SMEs to analyse their experience with the GDPR in the first months of its applicability
  • Running awareness-raising campaigns to ensure that the widest possible number of companies knows about their obligations under the GDPR regime
  • Assist SMEs by setting up a trial hotline to respond to SMEs’ questions and doubts
  • Assist DPAs by creating a digital guide containing information on the best practices in running a hotline and running awareness-raising campaigns.
  • Providing a solid base for GDPR implementation by creating an innovative, FAQ-based handbook for SMEs on EU personal data protection law


Working with end-users to assess their needs

Trilateral hosts semi-structured interviews with Data Protection Advisors to understand the complexities and challenges SMEs face with regards to implementing and upholding the EU data protection reform package.

The interviews deepen and clarify the scope of awareness-raising and assistance required for the implementation of GDPR within SMEs.


Enhancing impact by creating knowledge exchange opportunities for data protection authorities and small and medium enterprises

Trilateral works on enhancing the project findings by creating a network including data protection advisors and SMEs representatives, amplifying STAR II’s results and encouraging the uptake of the project’s resources to increase awareness of the GDPR and support SMEs in successfully complying with the new legislation.


For more information and updates visit the STAR project website and follow us on Twitter.


The STAR II project – Support Small and Medium Enterprises on the Data Protection Reform II – has received funding from the European Union’s Rights, Equality and Citizenship Programme 2014-2020, under grant agreement No. 814775


Please contact our team for more information:

David Barnard-Wills, Senior Research Manager at Trilateral Research


STAR II’s CPDP Panel: ‘The GDPR is easy: (Un)tangling SMEs compliance hurdles’

STAR II’s CPDP Panel: ‘The GDPR is easy: (Un)tangling SMEs compliance hurdles’

On 22 January 2020, the STAR II project jointly hosted with the Horizon2020 SMOOTH project, a panel at the 13th
GDPR challenges SMEs

What are the challenges that SMEs are facing in complying with the GDPR? A view from the field

Since the GDPR came into force in May 2018, organisations of all sizes have been grappling with the principle-based regulation.
GDPR training

Developing GDPR training materials for data protection authorities

We are delighted to introduce the STAR GDPR training material. As a result of the collaboration between the Law, Science,

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.