A new tool to help SME business owners to assess their data protection practices
Data economy

A new tool to help SME business owners to assess their data protection practices

Data protection is a competitive advantage for small- and medium-sized companies. The English version will be published in the autumn of 2022.

GDPR2DSM, a co-project of the Office of the Data Protection Ombudsman and TIEKE (Finnish Information Society Development Centre), is developing a freely available tool for small- and medium-sized companies to help them improve their data protection competence, evaluate the present state of their processes, and get further advice on how they can improve their practices. The first version of the tool was published in Finnish on International Data Protection Day, 28 January 2022.  

Appropriate data protection processes increase a company’s reliability in business operations, both in relation to consumers and other companies, and it can improve the business prospects of small- and medium-sized companies in the EU market. Many small- and medium-sized businesses need more information and support in data protection questions, not only in Finland but also across Europe.  

The EU project funding granted to the Office of the Data Protection Ombudsman and TIEKE has resulted in the development of an easy-to-use tool for small- and medium-sized businesses. A specific goal of the events and self-assessment tool of the GDPR2DSM project is to offer help for those micro-, small- and medium-sized companies that find it challenging to follow the General Data Protection Regulation.  

Data Protection Tool developed in collaboration with SMEs

A key goal of the project is creating a tool that companies can use for assessing their data protection measures without expertise in data protection matters. The development project is based on a needs assessment survey that was completed in early 2021. The results of the survey were used in the development of the tool in a collaborative project with companies.  

The invaluable input of the companies has made is possible to create an easy-to-use tool from which businesses genuinely benefit. Feedback suggests that the tool is found useful both in the business-owner’s competence building and employee training.  

The GDPR sets different types of obligations depending on the tasks of the company. An organisation can be either a data controller, processor or joint controller. The user of the tool starts out by selecting a role and answers questions based on the role. If it feels difficult to pick a role, the user can establish their role with the help of additional questions.  

Relevant questions are at the core of the data protection tool. It helps the respondent to assess how the company has acknowledged the key elements of the General Data Protection Regulation. To conclude the assessment, the respondent receives a report that includes recommendations for measures to be taken and where to find more information.  

The first English version of the tool will be published in September and the development work with the tool will continue into the autumn of 2022. Feedback concerning both the functions and contents of the tool is welcome for further development.  

Data protection tool incorporated into a larger databank of materials  

The data protection self-assessment tool is published on a website that will include, in addition to the tool, other materials intended for the use of small- and medium-sized companies. The tool will also be translated into Swedish and English, which means that it can be used in other EU Member States, too. The English version will be published in September of 2022. The website and tool will be finished and available in their entirety for small- and medium-sized companies by the end of October 2022.  

The tool will be completed on a solution based on open-source software, which will make its further free development possible even after the project is completed.  If you have suggestions for the tool or are interested to know more, contact our project with the details below!

The English version will be published in September of 2022.

The content of this page represents the views of the author only and is his/her sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.

Read next

Digital competences
Pilot: Recognition of circular economy competences with digital Open Badges
Digital competences

Pilot: Recognition of circular economy competences with digital Open Badges

The circular economy will continue to be a key theme in all our economic activities, which is why developing circular economy competences is vital. Competences should also be measurable and visible – in this pilot circular economy competences will be recognised and made visible by means of digital Open Badges.

Merja Sjöblom
Merja Sjöblom
Digital finance
Product passports and Peppol: Working together on a new phase of digital financial management and the circular economy
Digital finance

Product passports and Peppol: Working together on a new phase of digital financial management and the circular economy

If data can be transported in an agreed format, digital product passports will revolutionise the circular economy. What does the Peppol messaging service offer? Would organisations benefit if the information in digital product passports was sent with Peppol messages?

Viestintätoimisto Aivela
Digital finance
Europe’s green transition soon to be part of everyday life thanks to digital product passports
Digital finance

Europe’s green transition soon to be part of everyday life thanks to digital product passports

The Digital Product Passport is a key technology for the EU to make sustainable development and the circular economy a daily reality for individuals and businesses. The Digital Product Passport provides a comprehensive view of the environmental impact of a product throughout its life cycle, making responsible consumption easier. It will not only accelerate the EU’s green transition but also create new business opportunities and help make sustainably operating companies more competitive.

Viestintätoimisto Aivela