In their cooperation project GDPR2DSM, the Office of the Personal Data Protection Commissioner and the Center for the development of information societies have mapped the personal data protection exigences and challenges faced by SME. The GDPR2DSM project, financed by the European Union, aims to provide to SME information and instruments in order to guarantee the personal data protection. Based on results of the survey, the dimension of the company has influenced the perception of personal data protection requirements.
The survey of the Office of the Personal Data Protection Commissioner has been realized in March as an online survey. Interviewed were about 350. The majority of them were companies in the commercial service with less of five employees.
The General Data Protection Regulation seems to be familiar to companies. Anyway, companies of bigger dimensions have considered different requirements for the personal data protection. The bigger is the company, better is the awareness of GDPR requirements. Also, bigger companies have worked to comply those requirements. In big companies, 93% of interviewed have declared that their company was aware of GDPR requirements.
Responses of smaller companies have indicated that less work has been done in order to comply with those requirements. Based on these responses only the 76% of small companies with less of five employees is aware of GDPR requirements.
External know-how acquired for personal data protection
In bigger companies with more than 20 employees, challenges for personal data protection are wider or pursued like them. About the 70% of bigger companies have appealed to external assistance. Smaller companies seem to be more unwilling to help strangers, because only the 30% seem to have obtained an external aid on question on the GDPR application.
In fact, smaller companies were assisted in question on personal data protection by an online service provider or another partner of IT services.
People remain satisfied of their experiences: the 70% of the biggest companies have replied to being able to apply the GDPR in their activities. The 60% of smaller companies was satisfied from the application level.
Responses have also revealed that the 80% of representants of biggest companies considers that the General Data Protection Regulation still place challenges. For smaller companies the proportion was over than the 60%.
The burden of the proof and the security of information are pursued like challenging
Based on responses, the most challenges areas are considered the obligation to demonstrate and the security of the processing, which are the requirements of the information security. Also impact assessment on personal data protection, information of data subjects and data interests were sectors in which companies hope to receive assistance.
Checklist of control were considered important
The survey has also identified which type of practical help was more advantaged for companies. Probably the telework learned during the Coronavirus period was reflected in the answers: the most popular options were various checklists, written instructions and webinars. On the contrary, about one in four were interested in training sessions.
Survey background is a project to develop awareness of company data protection
The survey on SME data protection expertise was conducted as part of the cooperation project GDPR2DSM ( GDPR opening ports to the digital single market: SME centric online tools and support for leveraging the opportunity ) cooperation project between the Office of the Data Protection Commissioner and TIEKE . The aim of the project is to help Finnish companies improve their data protection capacities and thus facilitate access to the EU internal market. The project is funded by the Rights, Equality and Citizenship Programme of the European Union.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA FINLANDIA