SupporT small And medium enterprises on the data protection Reform II

DPL17 001 Star II baseline cmyk 300x119 1

General Data Protection Regulation (GDPR): what are the challenges?

The EU General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that requires organisations to safeguard personal data and uphold the privacy rights of anyone in EU territory.

The GDPR has impacted the functions of organisations across Europe, particularly Small and Medium Enterprises (SMEs). However, while multinational corporations and big companies have embarked in extensive audit and implementation programmes to ensure adequate compliance with this new legislation; SMEs seem to lack awareness of the GDPR’s impact on their organisation and are lagging behind in taking necessary actions to adopt the new measures.

Upholding GDPR in small and medium enterprises

How can we support SMEs to increase their awareness of, and implement the GDPR?

The STAR II project will support SMEs in adopting the GDPR by reviewing state of the art in awareness-raising activities and planning effective, subsequent activities, including:

  • Awareness-raising campaigns to ensure that the widest possible number of companies know about their obligations under the GDPR regime
  • Trial hotline to respond to SME’s questions and doubts
  • Digital guide and FAQ based handbook for SME’s on EU personal data protection law
  • Reviewing the state of the art in Data Protection Authorities’ (DPAs) awareness-raising activities, including conducting stakeholder engagement activities to hear their points of view and planning effective, subsequent activities
  • Reaching out to a statistically-relevant sample of SMEs to analyse their experience with the GDPR in the first months of its applicability
  • Running awareness-raising campaigns to ensure that the widest possible number of companies knows about their obligations under the GDPR regime
  • Assist SMEs by setting up a trial hotline to respond to SMEs’ questions and doubts
  • Assist DPAs by creating a digital guide containing information on the best practices in running a hotline and running awareness-raising campaigns.
  • Providing a solid base for GDPR implementation by creating an innovative, FAQ-based handbook for SMEs on EU personal data protection law

Working with end-users to assess their needs

Trilateral hosts semi-structured interviews with Data Protection Advisors to understand the complexities and challenges SMEs face with regards to implementing and upholding the EU data protection reform package.

The interviews deepen and clarify the scope of awareness-raising and assistance required for the implementation of GDPR within SMEs.

Enhancing impact by creating knowledge exchange opportunities for data protection authorities and small and medium enterprises

Trilateral works on enhancing the project findings by creating a network including data protection advisors and SMEs representatives, amplifying STAR II’s results and encouraging the uptake of the project’s resources to increase awareness of the GDPR and support SMEs in successfully complying with the new legislation.


For more information and updates visit the STAR project website and follow us on Twitter.

EU flag
The STAR II project – Support Small and Medium Enterprises on the Data Protection Reform II – has received funding from the European Union’s Rights, Equality and Citizenship Programme 2014-2020, under grant agreement No. 814775

David Barnard-Wills

David Barnard-Wills is Senior Research Manager at Trilateral Research.

Related insights

The GDPR made simpler for small and medium enterprises – New book from Trilateral Research

Getting data protection right can be a challenge for small businesses. Unlike their larger competitors, they often can’t afford a data protection specialist on staff and building new systems to manage …

Helping SMEs better cope with the GDPR

As part of the STAR II project, TRI has been working on better understanding how small and medium enterprises (SMEs) have coped with the GDPR, and the challenges they have faced. The project has also r…

What are the challenges that SMEs are facing in complying with the GDPR? A view from the field

Since the GDPR came into force in May 2018, organisations of all sizes have been grappling with the principle-based regulation. Some larger organisations, benefiting from greater resources, were able t…

Sign up for our newsletter

Join our mailing lists to receive updates about our latest research and to hear about our free public events and exhibitions.  If you would like to find out more about how we manage your personal information please see our privacy policy.