Summary
This user-friendly Handbook offers guidance and practical suggestions for small and medium-sized enterprises (SMEs) that could facilitate compliance with the General Data Protection Regulation (GDPR). Addressed primarily to enterprises for which personal data processing is an auxiliary activity, the Handbook explains how to navigate the barrage of resources available on the GDPR. In doing so, it provides an overview of the main actors in the European data protection landscape. It also clarifies the scope of data protection law and the scope of its application to SMEs. The Handbook introduces the concepts and principles that form the crux of the personal data protection legal framework and then unpacks the theory and practice of the risk-based approach to personal data protection. The Handbook seeks to go beyond a mere description of GDPR provisions and the obligations stemming from them. It includes a set of proactive measures that were put forward by European DPAs and bodies. In addition, it provides references to other publicly available (open access) resources that also provide practical suggestions. The Handbook was prepared in the context of the STARII project (2018-2020), co-funded by the European Union under the Rights, Equality and Citizenship Programme 2014-2020 and run in partnership between the National Authority for Data Protection and Freedom of Information (NAIH) (coordinator), the interdisciplinary Research Group on Law, Science, Technology & Society (LSTS) of the Vrije Universiteit Brussel (VUB), and Trilateral Research Ltd (TRI IE).