Data protection opening doors into Europe for SMEs

Based on experiences and surveys, many small and medium-sized enterprises require extra information and support in data protection issues, both in Finland and elsewhere in Europe.

One of the objectives of the European Union’s General Data Protection Regulation (GDPR) is to reduce obstacles in the way of companies expanding into the EU’s single market. According to the Commission’s GDPR report published in June, some stakeholders find proper application of the GDPR challenging especially for SMEs, and businesses require more support to facilitate the application of the regulation. The GDPR2DSM project, which begins in November, was created to meet this need.

The Office of the Data Protection Ombudsman and TIEKE have been granted EU project funding in order to produce an easy-to-use tool for SMEs. The objective is to create a tool to enable SMEs to assess their data protection practices without prior expertise of data protection.

This project will strengthen SMEs’ ability to ensure their data processing practices meet the GDPR requirements.

Appropriate data protection practices help build trust in transactions between both consumers and businesses, along with providing SMEs with better opportunities to expand into the international market.

According to a recent Sitra survey, nearly half the SMEs in Finland had reservations regarding the possibilities of the data economy, and a fifth felt negatively towards the issue. According to the GDPR Small Business Survey conducted in four European countries in 2019, about half of SMEs were unsure whether they complied with the GDPR requirements.

“It is important for businesses to understand the value of data and data protection. I hope that data protection is not seen as an expense, but as a facilitator of business and a competitive advantage”, says Data Protection Ombudsman Anu Talus.

The project will begin by identifying the data protection needs of SMEs and the challenges they have encountered. The results will serve as the project work guideline as well as a basis for co-development with businesses.

The objective of the project and the tool it was created to develop is to increase basic knowledge and assist SMEs and micro enterprises, especially those which find the application of the GDPR challenging. In the optimal scenario, this will also facilitate small businesses moving their operations into a digital environment and the EU’s single market.

The combination of letters in the name refers to the General Data Protection Regulation and the EU’s Digital Single Market.

The GDPR (General Data Protection Regulation) is a law regulating the processing of personal data, which was adopted in all EU countries in the spring of 2018.

DSM, in turn, refers to Europe’s Digital Single Market, whose development is primarily about removing national barriers to online business transactions.

Data protection is a valuable asset and a competitive advantage, both throughout the EU and globally. Ensuring proper data protection enables businesses to trade and cooperate more easily across borders, with international customers.

The longer version of the two-year GDPR2DSM project starting in November outlines the objective: GDPR opening doors to the digital single market: SME centric online tools and support for leveraging the opportunity.

The pilot phase of the project will be carried out in Finland, after which the results can be applied in other EU countries.