About 

Project ARC - AWARENESS RAISING CAMPAIGN FOR SMEs

THIS PROJECT HAS RECEIVED FUNDING FROM THE EUROPEAN UNION'S RIGHTS, EQUALITY AND CITIZENSHIP 2014-2019 PROGRAMME UNDER GRANT AGREEMENT N°874524.

DURATION OF THE PROJECT: 24 MONTHS, FROM MARCH 2020 UNTIL MARCH 2022

COORDINATOR: AGENCIJA ZA ZAŠTITU OSOBNIH PODATAKA (AZOP)- CROATIAN PERSONAL DATA PROTECTION AGENCY

BENEFICIARIES: DATA PROTECTION COMMISSION IRELAND (DPC), VRIJE UNIVERSITY BRUXELLES (VUB)

BACKGROUND:

Considering Regulation (EU) 2016/679 on the protection of natural persons regarding the processing and free movement of personal data (General Data Protection Regulation, GDPR), national Data Protection Authorities (DPAs) are required to take action to reach stakeholders through awareness-raising activities among business entities, in particular geared toward small and medium-sized enterprises (SMEs).

The new European regulation – GDPR – is the most important change in data privacy regulation in the last few decades. It harmonizes the data privacy laws across Europe; it will protect and empower all EU citizens data privacy and will reshape the way SMEs across the region approach data privacy. Failure of SMEs to prepare themselves for the adequate implementation of the policies and regulations concerning the data and processes they deal with, shall have great impact towards the growth of the SMEs customer relationship, client satisfaction, trust and brand image, and the economy in general. For these reasons, the GDPR's adequate implementation and a “step-by-step” guided methodology shall have great impact not only on the SMEs GDPR compliance, but on their reliability and trustworthiness as a business partner to work with.

Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka-AZOP) and Data Protection Commission Ireland during their every day work noticed that there is still a lot of ambiguities in the application of the GDPR by the  SMEs. These findings are also supported by a large number of written queries and even greater number of phone calls which this two authorities receive on daily basis. It is essential to emphasize that SMEs are still struggling with the implementation of the GDPR and sometimes do not even know how to begin in order to align their business activities with the GDPR requirements.

The issues, which are often discussed when we talk about SMEs and their doubts regarding data protection are related to processing of employees personal data, especially sensitive categories as biometric and health data, video surveillance systems in the working environment, working time records, monitoring of employees electronic communication, data processing that represent high risk for individuals, data processing for marketing purposes, designation of the data protection officer, the content of the record of processing activities, distinction between the function of controller and the processor, the content of the privacy policy etc.

Through this project AZOP and DPC will have an additional opportunity to help these subjects in full GDPR implementation and in understanding the importance of the personal data protection.

Overall expected direct result of ARC project is increased knowledge and understanding among SMEs, on the principles of data protection.on preparation on outcomes of the project.

Overall expected direct result of ARC project is increased knowledge and understanding among SMEs, on the principles of data protection.