• direct beneficiaries of the project: SMEs in Croatia and Ireland
  • indirect beneficiaries of the project: all residents of Croatia and Ireland, whose data is processed by SMEs participating in the project, SMEs in other European countries



  • 32 awareness-raising onsite consultations for SMEs in Croatia and Ireland
  • 1 website in Croatian and English language
  • 2 international conferences- one iz Croatia, one in Ireland
  • Publication which will contain all templates of documents prepared by DPAs for SMEs and will concern the implementation of the GDPR in their business
  • Publication which will contain statistical data, e.g. information about: how many SMEs took part in the project, what the survey looked like, what we were asking about, what was the responsiveness. What is more, publication will contain the results of the surveys, information about site consultations DPAs will carried out and other conclusions from the implementation of the project.
  • 4 articles in newspapers
  • 10 e-mail campaigns
  • 2 press conferences
  • 2 interviews with project experts
  • digital media campaign
  • animated promo video
  • multiple disseminations materials


For the SMEs, which will be invited to participate in the onsite consultations and receive individual advice from the data protection experts, the short-term result will be their immediate improved compliance with the GDPR requirements. As medium-term result, they will learn what are the DPAs expectations toward them in general, what are dos and don’ts in personal data protection and how to improve their overall accountability. Obtained hands-on advice and educational materials will also contribute in a long term to higher level of awareness within SME data controllers about good privacy and personal data security practices. Indirectly, natural persons, who are data subjects of these SMEs, will also benefit in a long term from the project outcome, because good knowledge and practices of data controllers lead to higher level of privacy and minimized risk to rights and freedoms of these persons.

For the DPAs, the short term expected results are obtaining detailed knowledge about specific challenges that SME data controllers face when implementing GDPR and helping them to address these challenges. Information obtained from the survey combined with the feedback from the onsite consultations will allow both DPAs to check their effectiveness when educating and communicating with SME data controllers and if needed, adjust their methods. In a long term, national DPAs should be perceived in more positive light, seen not only as the supervisory agencies by the SMEs, but also as willing to cooperate in improving data protection compliance.