On 27 April 2023, the European Data Protection Board (EDPB) published a Data Protection Guide (Guide) to help small business owners in their process of compliance with data protection requirements under GDPR. According to EDPB’s press release, this Guide is one of EDPB’s awareness-raising actions for this year.
It provides various tools and practical tips in an accessible and easily understandable format and contains various videos, infographics, interactive flowcharts, and other practical materials. The Guide also includes an outline of useful materials developed by the national Data Protection Authorities for small and medium-sized enterprises (SMEs).
The Guide covers the following main aspects:
- Understanding of the data protection basics (i.e., personal data, processing of personal data, the applicability of GDPR, key principles of processing);
- Complying with certain obligations (i.e., data privacy by design and by default, records of data processing, data protection impact assessment, codes of conduct, and certification);
- Respecting data subjects’ rights (i.e., data subjects’ rights and how to handle data subjects’ requests);
- Ensuring the security of personal data (i.e., key aspects related to security, organizational and technical measures, including details on pseudonymization, encryption, and anonymization, and security measures required in specific situations).
The EDPB’s press release is here.