A new European innovation action under the H2020 Cibersecurity-PPP funding program is assisting micro enterprises, also known as MEnts, to comply with the new General Data Protection Regulation (GDPR), which was launched in 2018 to enhance privacy protection for all European citizens. The SMOOTH project, in which IMDEA Networks Institute participates, aims to become the reference platform for MEnts transitioning to GDPR compliance, whilst safeguarding the interests of EU citizenry on data privacy and security.
Privacy is one of the fundamental rights included in the European Charter of Fundamental Rights. To protect European citizens' privacy, the European Commission developed the revolutionary pan-European General Data Protection Regulation (GDPR), which became effective in the 25th of May 2018. The main goals of GDPR are giving control to European individuals over their personal data and unifying data protection laws within the European Union. Companies and organizations violating the strict rules imposed by the GDPR risk severe fines (up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher), but also damage to their brand's reputation.
It is unclear, however, how well organizations and companies handling personal data of European citizens are adapting to stricter requirements and whether regulatory actions will be a sufficient deterrent to industry malpractice or deceptive behaviors.
According to the last official available data (2015), almost 93% of all enterprises in Europe in the non-financial business sector have less than 10 employees. These micro enterprises are responsible for 30% and 21% of the overall employment and value added in the EU, respectively. However, when it refers to the application of the GDPR, MEnts are the most vulnerable due to their lack of expertise and resources to invest in their adoption.
SMOOTH (GDPR Compliance Cloud Platform for Micro Enterprises - Project ID: 786741) aims to assist MEnts in their transition to GDPR compliance. To that end SMOOTH follows a multi-disciplinary approach, involving as partners data protection authorities and associations representing EU MEnts, as well as representatives from academia and research organizations. Thanks to their joint efforts, the project is creating awareness on the importance of being compliant with the GDPR, as many MEnts ignore their obligations in this respect. At a technological level, SMOOTH is developing a platform based on machine learning, text and data mining technologies, as well as advanced online auditing methods, to automatically create a bespoke GDPR compliance report for the most critical aspects to MEnts, in order to ease their way towards adoption and compliance and avoid involuntary violation of the rules.
The project is led by EURECAT (Barcelona, Spain) and counts with twelve partners. Dr. Narseo Vallina-Rodríguez, Research Assistant Professor at IMDEA Networks Institute, offers an overview of the Institute's role in the project: "IMDEA Networks will leverage its extensive expertise in online privacy and security to lead the design and development of novel self-assessment and auditing tools for those MEnts developing mobile applications."