About 

Project ARC II - AWARENESS RAISING CAMPAIGN FOR SMEs

Project number: 101072630, Citizenship, Equality, Rights and Values Programme

Call: CERV-2021-DATA, Topic: CERV-2021-DATA

Granting authority: European Commission-EU

Project duration: 24 months, 2 September 2022 - 1 September 2024

4 Work packages, 15 deliverables

GRANT AMOUNT: 360 514.43 EUR

TOTAL COSTS: 400 571.62 EUR

COORDINATOR: AGENCIJA ZA ZAŠTITU OSOBNIH PODATAKA (AZOP)- CROATIAN PERSONAL DATA PROTECTION AGENCY

BENEFICIARIES: GARANTE PER LA PROTEZIONE DEI DATI PERSONALI (GARANTE PRIVACY), FACULTY OF INFORMATICS AND ORGANISATION (FOI), VRIJE UNIVERSITY BRUXELLES (VUB), UNIVERSITY OF FLORENCE (UNIFI)

 

EXPECTED PROJECT RESULTS:

- development of an interoperable and innovative web tool Olivia adapted to the specific needs of Croatian and Italian SMEs to help them to comply with the GDPR and data protection legal framework;

- conducting  20 GDPR workshops in Croatia and 20 in Italy to give SMEs concrete support in their efforts to understand their obligations arising from the GDPR and to reach a higher level of compliance; 

-  conducting raising awareness campaign in the Croatian and Italian media, develop educational materials and videos;

- organising  2 evaluation workshops and 2 international conferences, one in Rome and one in Zagreb, to disseminate the project results

- during the implementation of the project and after the completion of the project, we will continuously promote the Olivia web tool and raise awareness on personal data protection among SMEs but also other data controllers/processors and citizens

 

 

BACKGROUND:

The SMEs are the backbone of the European economy. More than 99%of the enterprises in Croatiaand Italy are small and medium enterprises. Croatian and Italian DPAs have been making major efforts to raise awareness on personal data protection and to help SMEs to comply with the GDPR, in the first place by conducting numerous activities in the framework of EU co-funded projects ARC and SMEDATA. In the European Commission’s COMMUNICATION (COM/2020/264)- Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation, it is stated that efforts of the DPAs “should be intensified, preferably within a common European approach in order not to create barriers to the Single Market”. For the abovementioned reasons all the project activities of ARC II project will focus first and foremost on the SMEs as a target group, and address issues they are dealing with.

Furthermore, data protection compliance not only involves understanding GDPR provisions but rather all the national legislation that applies to specific country, business and company. SMEs are under a lot of burden to understand all the relevant law, to perform risk assessments, and monitor all the case law and changes in the legislation. Also, due to the general nature of the GDPR (lex generalis) it is important but complex to distinguish proper relationship with specific European law (lex specialis) and struck the right balance. Moreover, the legal framework is getting more complex with new Data Governance Act, AI Act, Digital Services Act and it will have a significant impact on SMEs. If a company has an employee who is a lawyer, it is quite common that the lawyer gets all the compliance roles. All the above mentioned is a difficult burden to bear for a large number of the Italian and Croatian SMEs. ARC II project will be built on good foundations, results and findings of ARC project and SMEDATA project.

On the EU market, there is still no comprehensive, free of charge and user-friendly IT solution tailor-made for specific needs of SMEs in different member states. The main project goal is the development of the digital tool Olivia with knowledge base integrating all the education materials, templates, FAQs already developed within ARC and SMEDATA I project, all at one place and in one digital tool, available to SMEs to use free of charge. Furthermore, onsite and online workshops based on personal interaction that we will organise with the SMEs can significantly help in resolving the stated above challenges and disseminate knowledge about personal data protection among, their staff, entrepreneurs and their clients.

Also, online workshops will be conducted, recorded and published on ARC II website and Olivia dashboard, and in this way will be available permanently to a larger public.

Online digital tool will be made based on open-source code and added to ARC website and it will available under free software licence (such as EU public license). The digital tool called Olivia will be released under a license in which the copyright holder grants users the rights to use, study, change, and distribute it, meaning that other DPAs could use it free of charge, add new modules, functionalities, adjust it to the needs of their SMEs and national legislation, also they can upgrade and improve Olivia. The digital tool will be designed according to the needs of Italian and Croatian SMEs. All the project activities will be conducted in Croatia and Italy, and dissemination and communication activities are also going to be conducted in Belgium.

____________________________________________________________________

Project ARC - AWARENESS RAISING CAMPAIGN FOR SMEs

THIS PROJECT HAS RECEIVED FUNDING FROM THE EUROPEAN UNION'S RIGHTS, EQUALITY AND CITIZENSHIP 2014-2019 PROGRAMME UNDER GRANT AGREEMENT N°874524.

DURATION OF THE PROJECT: 30 MONTHS, FROM MARCH 2020 UNTIL AUGUST 2022

COORDINATOR: AGENCIJA ZA ZAŠTITU OSOBNIH PODATAKA (AZOP)- CROATIAN PERSONAL DATA PROTECTION AGENCY

BENEFICIARIES: DATA PROTECTION COMMISSION IRELAND (DPC), VRIJE UNIVERSITY BRUXELLES (VUB)

BACKGROUND:

Considering Regulation (EU) 2016/679 on the protection of natural persons regarding the processing and free movement of personal data (General Data Protection Regulation, GDPR), national Data Protection Authorities (DPAs) are required to take action to reach stakeholders through awareness-raising activities among business entities, in particular geared toward small and medium-sized enterprises (SMEs).

The new European regulation – GDPR – is the most important change in data privacy regulation in the last few decades. It harmonizes the data privacy laws across Europe; it will protect and empower all EU citizens data privacy and will reshape the way SMEs across the region approach data privacy. Failure of SMEs to prepare themselves for the adequate implementation of the policies and regulations concerning the data and processes they deal with, shall have great impact towards the growth of the SMEs customer relationship, client satisfaction, trust and brand image, and the economy in general. For these reasons, the GDPR's adequate implementation and a “step-by-step” guided methodology shall have great impact not only on the SMEs GDPR compliance, but on their reliability and trustworthiness as a business partner to work with.

Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka-AZOP) and Data Protection Commission Ireland during their every day work noticed that there is still a lot of ambiguities in the application of the GDPR by the  SMEs. These findings are also supported by a large number of written queries and even greater number of phone calls which this two authorities receive on daily basis. It is essential to emphasize that SMEs are still struggling with the implementation of the GDPR and sometimes do not even know how to begin in order to align their business activities with the GDPR requirements.

The issues, which are often discussed when we talk about SMEs and their doubts regarding data protection are related to processing of employees personal data, especially sensitive categories as biometric and health data, video surveillance systems in the working environment, working time records, monitoring of employees electronic communication, data processing that represent high risk for individuals, data processing for marketing purposes, designation of the data protection officer, the content of the record of processing activities, distinction between the function of controller and the processor, the content of the privacy policy etc.

Through this project AZOP and DPC will have an additional opportunity to help these subjects in full GDPR implementation and in understanding the importance of the personal data protection.

Overall expected direct result of ARC project is increased knowledge and improved understanding on data protection among SMEs.