The GDPR made simpl(er) for SMEs

This user-friendly Handbook offers guidance and practical suggestions for small and medium-sized enterprises (SMEs) that could facilitate compliance with the General Data Protection Regulation (GDPR). Being primarily addressed to enterprises for which personal data processing is an auxiliary activity, the Handbook explains how to navigate the barrage of resources available on GDPR. In doing so it provides an overview of the main actors in the European data protection landscape. It also clarifies the scope of data protection law and the scope of its application to SMEs. The Handbook introduces concepts and principles that form the crux of personal data protection legal framework and then it unpacks the theory and practice of the risk-based approach to personal data protection. The Handbook seeks to go beyond a mere description of GDPR provisions and obligations stemming from them. It includes a set of proactive measures that were put forward by European DPAs and bodies. In addition, it provides references toother publicly available (open access) resources that also provide practical suggestions.