Submitted Abstract
With the new General Data Protection Regulation (GDPR) becoming applicable from 25 May 2018, SMEs in Luxembourg and elsewhere face a significant challenge in being compliant. While big organizations afford to hire internal or external Data Protection Officers and other experts, SMEs, such as a small dentist cabinet, for example, do not have the financial resources nor the expertise to comply with the provisions of the highly complex Regulation, although they may be processing highly sensitive data, such as patient data. This project proposes a method for data protection compliance self-assessment based on an interactive tool designed especially for SMEs. The solution fills a two-folded gap in the market: it solves the costly and complex compliance challenge of SMEs and at the same time offers a solid tool that combines legal and IT expert knowledge to ensure a much needed integrated solution for the protection of the fundamental right to data protection.