In May 2015, the European Commission published the “Digital Single Market Strategy for Europe”. As part of this strategy, the Commission focuses on the need to facilitate access to online markets, the enhancement of the impact of digital networks and the advancement of digital transformation of small and medium-sized enterprises (SMEs), which are about 99% of all the European businesses.
Following this strategy, the new unified rules introduced by the GDPR will facilitate easier access for small and medium-sized enterprises to new markets. At the same time, given the more limited opportunities and in many cases the lack of specialized expertise, the practical application of privacy protection regulations poses certain challenges for the SMEs.
Just like the large companies, SMEs need to proactively implement measures to respect the rights of data subjects.
Some of the actions that each company is required to take are as follows:
- to protect the rights of the data subjects, who have shared their personal information;
- to implement data protection by design, i.e. to put in place data protection mechanisms in products and services as soon as they are created;
- if processing data from another organisation, to make sure that a contract has been signed with the specific responsibilities of each party;
- to verify if the requirement for the appointment of a personal data protection officer is mandatory in its particular case.
Our experts work with industry organizations to develop good practices, solutions and recommendations to help SMEs in the implementation of the relevant legislation.