mindtheDATA – Creating a data protection culture among SMEs Erasmus Project

Project Title

mindtheDATA – Creating a data protection culture among SMEs

Project Key Action

This project related with these key action: Cooperation for innovation and the exchange of good practices

Project Action Type

This project related with this action type : Strategic Partnerships for vocational education and training

Project Call Year

This project’s Call Year is 2019

Project Topics

This project is related with these Project Topics: Enterprise, industry and SMEs (incl. entrepreneurship); New innovative curricula/educational methods/development of training courses

Project Summary

The EUs General Data Protection Regulation (GDPR) came into force on May 25, 2018. It is not simply introducing, but enforcing a set of rules concerning privacy and data security. GDPR affects organisations and companies, virtually anyone holding data on EU citizens, creating a new data protection framework. GDPR transfers the responsibility of ‘protection’ from institutional monitoring bodies to the companies themselves, which actually control and process data in the first place. The GDPR does allow for certain kinds of exemptions for SMEs, however, being an ‘exemption’ of GDPR as an SME (i.e. not clearly corresponding to ‘systematic, large scale monitoring of data subjects activities’), doesn’t mean in any case that this SME is once and for all beyond and above reproach with respect to the core logic and objective of GDPR. Thus, GDPR expects broadly private sector SMEs to comply with the regulation. On the other hand, the GDPR framework doesn’t want to put an extra bureaucratic burden to SMEs where it is not appropriate, bogging businesses and simply putting them on the defensive with imminent fines and non-compliance penalties.
Along this vein, considering the new SME and business environment in the EU, it is of great importance to highlight how GDPR compliance for SMEs can function as a business differentiator for SMEs. Moving beyond the ‘compliance-or-penalty’ notion, GDPR can thus be exploited by SMEs along the following axes:

• An inducement for innovation (e.g. new, innovative ways to use data)
• A competitive advantage (e.g. reviewing and development of in-company policies which can leqd to more transparency and thus trust for the customer base)
• A tool for consumer empowerment (i.e. placing consumers and their rights at the center and by empowering them, empowering businesses and SMEs)
• An opportunity to create a culture shift in how to do business, by going ‘beyond the compliance’ aspect, to changing the perspective of thinking about GDPR as a burden, to a perspective of thinking of it as business driver.

In this, the role of business consultants, SME/business consulting companies and organisations, trainers/coaches in business and entrepreneurship, HR consultants/professionals, management/strategy/operations and marketing consultants is crucial. It is exactly along these lines of the spirit of the Regulation that this proposed project wishes to make an intervention by the means of a set of tools, guidelines, practices to be used by business consultants to continuously support SMEs as parts of the European SME ecosystem to fully integrate the principles of data protection into their organisational culture and the mindsets of their human capital, not merely as a compliance element, but as a beneficial tool into their organisational culture.
To this goal, the proposed project will in particular develop a modular set of online training material for consultants to cover indicatively (available in EN,BG, EL, ES, PL):

• Pivotal, general aspects of the new data protection framework for EUs digital economy and society and the new SMEs environment;
• Integrated GDPR strategy according to their scope of activities and their GDPR ‘readiness’ in the following indicative thematic parts
1: Data protection in EUs digital society and economy
2: Where does my SME stand and what should it do?
3: Data protection in everyday workplace world
• Hands-on training material for consultants to showcase the importance of GDPR for SMEs as a business differentiator, as well as the ‘beyond compliance’ multiple benefits for SMEs, which will methodologically transcend the training material as a whole, showcasing the four axes as mentioned above.

The training provision will be piloted by business consultants. The purpose of these testing sessions is to check the relevance and usefulness of the training content as a whole and within different subjects, the user-friendliness of the training provision in technical terms, as well as to provide feedback for changes and optimisation.
Target groups:
Primary target group: Business SME consultants and organisations, Professional business coaches, Institutional bodies supporting labour market and enterprises (Chambers of Commerce etc.), VET trainers/organisations in business management, HR consultants/professionals, management/strategy/operations and marketing consultants.
Secondary target group: SMEs and their key persons (owners, decision-makers, managers, IT experts, employees in SMEs); SME representative bodies; Standardization consultants and companies;
Five EU countries are represented in the proposed project through 7 organisations in Bulgaria, Greece, Spain, Poland and Cyprus. The expertise mix of the partnership (SME consulting, VET, standardization and quality assurance, SME) account for a high-quality, cross-fertilising approach and training interventions for SMEs drawing from diverse contexts both at national as well as intra-company, organisational level.

Project Website

https://mindthedata-project.eu/

EU Grant (Eur)

Funding of the project from EU: 171373 Eur

Project Coordinator

YAMBOL CHAMBER OF COMMERCE AND INDUSTRY & Country: BG

Project Partners

• MILITOS SYMVOULEUTIKI A.E.
• R&DO LIMITED
• BUSINESS SUPPORT CENTRE FOR SMALL AND MEDIUM SIZE ENTERPRISES-RUSE
• PAIZ Konsulting Sp. z o.o.
• Innovation Training Center, S.L.
• EQA HELLAS CERTIFICATION & INSPECTION BODY SA