GDPR Temperature Tool: a new free resource for European SMEs
The General Data Protection Regulation (GDPR) came into force in May 2018. Almost three years later, however, many businesses are still unclear on how at risk they are to GDPR-related sanctions.
The vast majority of business leaders believe that it is essential to comply with the GDPR, especially as companies can risk crippling fines. Indeed, while many companies did act when the regulation came into force, this was often to cover the absolute minimum areas of compliance. Therefore, their risk to sanctions has not disappeared.
But how can companies and in particular SMEs really understand how at risk they are to fines and what they should do about it?
The EC-funded H2020 project cyberwatching.eu has launched the GDPR Temperature Tool to help European SMEs understand how at risk they are to sanctions or fines. By answering a set of questions on data processing activities, the tool provides an indication of a company’s risk to sanctions. The higher the temperature, the higher the risk. In addition, a free customised set of practical and actionable recommendations is provided. The process takes around 15 minutes and the recommendations come directly from ICT Legal Consulting, a law firm with plenty of expertise in the area.
“The GDPR temperature is an awareness tool which helps SMEs, though a practical self-assessment, to understand their exposure to risk of sanctions due to GDPR violations and act accordingly in order to improve their compliance posture,” says Paolo Balboni, Lead Creator of the tool and Founder of ICT Legal Consulting, partner of cyberwatching.eu. The need for a more proactive rather than reactive approach is echoed by Sebastiano Tofaletti, Secretary General of the Digital SME Alliance which is also partner of cyberwatching.eu.
"GDPR rules are setting the global standard for personal data protection. European digital SMEs are at the forefront of these developments, extending GDPR-compliant solutions to all economic sectors. However, the SMEs in more traditional sectors reportedly lack the understanding of GDPR and look for solutions only after the breach happens. Thus, it is very important for every SME to have simple means of evaluating the compliance and risk of sanctions, and to understand the need for further assistance before any violation occurs," states Sebastiano.
The tool can be used as an important preliminary step for SMEs to facilitate their understanding of where they stand with respect to the GDPR in terms of ‘risks to sanctions’. “Assessing risk is an essential process that all companies need to take action on. Risks vary in likelihood and severity for rights and freedoms of natural persons posed by the relevant processing activities. It’s vital for companies to keep on top of this and design data processing activities that are legally and ethically respectful of individuals."
The GDPR Temperature Tool is available through the cyberwatching.eu website here.