GDPR Implementation Framework for SMEs
Ashraf, Saira (2021)
Julkaisun pysyvä osoite on
http://urn.fi/URN:NBN:fi:amk-202103314092
http://urn.fi/URN:NBN:fi:amk-202103314092
Tiivistelmä
General Data Protection Regulation (GDPR) has been in force since May 2018. Despite the time lapsed, there is no simple interpretation of the regulation that can be adapted by Small and Medium size enterprises to become GDPR compliant. Much has been left to the inter-pretations.
Large enterprises on average spent 1 M€ per year for GDPR compliance. The study was conducted to support SMEs who lack competent resources and budget to handle big GDPR audits and hire expensive consultants to solve problem for them.
The study critically reviewed the existing frameworks for GDPR compliance. It was noticed that Microsoft has provided the most comprehensive tool for GDPR analysis and proposing action plan based on input in their GDPR detailed assessment tool. However, the tool is still too complex for SMEs.
After analysing the current available frameworks and tools, this study proposes a simple framework which can be adapted by SMEs, especially, which have less than 100 employees on the payroll or budget is less than 100 k€ per year. The proposed simple framework takes the key elements from the legislation and other available frameworks and tools and simpli-fies them so that SMEs can easily become GDPR compliant. As such, this study has not invented something new from the scratch, but it adds value by combining several key inter-pretations of GDPR compliance into a very simple framework for adaption.
The study does not provide warranty for GDPR compliance which is the same for other available frameworks as well. But by adapting this framework, SMEs can prove that they have taken data privacy and security seriously and that they are handling personal infor-mation in legitimate and responsible manner.
Large enterprises on average spent 1 M€ per year for GDPR compliance. The study was conducted to support SMEs who lack competent resources and budget to handle big GDPR audits and hire expensive consultants to solve problem for them.
The study critically reviewed the existing frameworks for GDPR compliance. It was noticed that Microsoft has provided the most comprehensive tool for GDPR analysis and proposing action plan based on input in their GDPR detailed assessment tool. However, the tool is still too complex for SMEs.
After analysing the current available frameworks and tools, this study proposes a simple framework which can be adapted by SMEs, especially, which have less than 100 employees on the payroll or budget is less than 100 k€ per year. The proposed simple framework takes the key elements from the legislation and other available frameworks and tools and simpli-fies them so that SMEs can easily become GDPR compliant. As such, this study has not invented something new from the scratch, but it adds value by combining several key inter-pretations of GDPR compliance into a very simple framework for adaption.
The study does not provide warranty for GDPR compliance which is the same for other available frameworks as well. But by adapting this framework, SMEs can prove that they have taken data privacy and security seriously and that they are handling personal infor-mation in legitimate and responsible manner.