There are pressing needs to (1) assist European Union (EU) data protection authorities (DPAs) in raising awareness among businesses, especially small and medium enterprises (SMEs), on the new EU legal framework for personal data protection, particularly the General Data Protection Regulation (GDPR), and (2) assist these SMEs in ensuring compliance therewith. The new law and its novelties create much confusion and uncertainty as to its practical application, magnified by its upcoming applicability (May 2018). Some 22 million European SMEs – the core of EU enterprise policy – not only face distinctive challenges from data protection law, but also – despite specific, often protective regulation – rarely can afford professional legal advice. Thus they merit special support from public authorities.
The STAR II project will directly address these needs and will: (1) review the state of the art in DPA awareness-raising activities, (2) analyse SMEs’ experience within first months of the functioning of the GDPR, (3) run an awareness-raising campaign for SMEs and (4) a trial hotline (12 months) to respond to SMEs’ questions, measuring its performance and the most frequently asked questions, and – on that basis – (5) prepare a digital guidance for DPAs on good practices in running a hotline and raising SME awareness, and (6) draft an innovative, FAQ-based handbook (digital and printed) for SMEs on EU personal data protection law. These results will be prepared in consultation with stakeholders (especially via validation workshops and the External Advisory Board) and widely disseminated. The outputs will be freely available, openly accessible and copyright-unrestricted, thus easily reusable and adaptable.
STAR II is addressed to 40+ EU DPAs and millions of EU SMEs. It will deliver tangible and long-term results to SMEs, directly assisting them in compliance with the GDPR (by hotline and guidance material) and – indirectly – to DPAs, to assist in their awareness-raising mission.