GDPR Compliance in SMEs: There is much to be done
Maria da Conceição Freitas 1 * , Miguel Mira da Silva 1
More Detail
1 Instituto Superior Técnico, Universidade de Lisboa, Lisboa, PORTUGAL
* Corresponding Author


The obligatory adaptation of Organizations to the General Data Protection Regulation (EU) 2016/679 (GDPR), will imply a set of legal, technological and functional changes, with a direct impact on the daily life of Organizations as a result of their increased responsibility with data protection subjects that has been reinforced by the new legislation. On the other hand, the transfer of responsibilities from the national authorities to the Organizations obliges them to prove, at all times, full compliance with the legislation. Organizations are subject to heavy fines when a non-compliance is detected. This new reality is a challenge for any Organization, and in particular for small and medium-sized enterprises (SMEs), which have fewer human and financial resources to carry out the necessary measures to comply with legislation. In order to know how SMEs are preparing themselves, we have conducted face-to-face interviews with ten industrial SMEs. The main conclusion is that, given these companies' lack of awareness of their obligations and duties in relation to Personal Data Protection, it is urgent to define a methodology to be able to comply with GDPR.


This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Article Type: Research Article

J INFORM SYSTEMS ENG, 2018 - Volume 3 Issue 4, Article No: 30

Publication date: 10 Nov 2018

Article Views: 1140

Article Downloads: 1656

Open Access References How to cite this article