CORDIS - EU research results

GDPR Compliance Cloud Platform for Micro Enterprises

Periodic Reporting for period 2 - SMOOTH (GDPR Compliance Cloud Platform for Micro Enterprises)

Reporting period: 2019-05-01 to 2021-01-31

SMOOTH aims to assist micro-enterprises to comply with key requirements of the GDPR by offering them an easy-to-use and affordable cloud-based platform service. Dealing with the constraints brought by the GDPR is already difficult enough for SMEs, and even more so for their smallest-sized members, the micro-enterprises. For these actors, responsible respectively for 30% and 21% of employment and value added in the EU, getting in line with GDPR demands can easily seem insurmountable. Lack of expertise and limited resources make them particularly vulnerable to the consequences of non-compliance.
By assisting these enterprises to adopt the GDPR, SMOOTH ultimately aims to safeguard citizens’ rights to data protection and privacy, protect micro-enterprises from the negative consequences of non-compliance and, by extension, benefit the European society.
Moreover, the SMOOTH platform aims not only to help companies assess their level of compliance with the GDPR but also to raise awareness of companies’ obligations.
SMOOTH has developed advanced technologies for automatically assessing compliance with key elements of the GDPR commonly applying to micro-enterprises.

The SMOOTH platform produces a compliance report based on the user answers in the entry questionnaire and the automated analysis of user files, website, and mobile app if they are available. The report is generated automatically without any human intervention and is directly available to the user. Through the compliance report, the user is informed about the steps to undertake to comply with the GDPR.

Also, the GDPR online interactive Handbook, which has been launched in two versions, website and mobile app, is a “go-to-guide” for micro-enterprises for all their data protection questions. Using simple, plain, and clear language, this handbook presents the steps micro-enterprises should take in order to be GDPR compliant. It provides useful links, infographics, videos, and several examples to highlight the important GDPR aspects.
The latest main achievements have been:
2. Release of algorithm and services realising the specific modules (D3.3, D4.3, D5.3).
3. Execution of the iterative pilots according to the three verticals defined in the project and analysis of results. Real users tested an interim version of the platform to gather initial feedback for the debugging and improvement of the user experience. Users were asked to complete the entry questionnaire of the SMOOTH Platform and some of them were also asked to fill in an accompanying Experience Evaluation Survey (UEES). The analysis of UX metrics of usability and aesthetics, together with the qualitative feedback, led us to implement some changes so that the tool could benefit from an improved UX design.
4. Delivery of the Handbook in web and app version, together with its validation, as well as the final assessment of the requirements (legal, functional, and technical), upon the market validation.
5. Final release of the SMOOTH platform, after the iterative improvement made to accommodate the solution according to the feedback received from the different pilots. It also includes PENTEST methodology and results.
6. Evaluation of the market assessment of the SMOOTH platform: MEnts have tested the platform in a real-life operational environment. An online survey has been conducted for gathering their feedback (D7.4).
7. Detailed exploitation strategy for each project result and for the overall SMOOTH platform to maximize the potential of both project results and know-how generated within the development of the SMOOTH platform.
8. The SMOOTH final event showcasing the results of the project has taken place online in Jan-21, reaching a wide target audience including SMEs, multipliers, academia, legal and consultancy firms, and data protection specialists.
9. Patent application submission by NAVER for “Methods for Unsupervised Prediction of Performance Drop due to Domain Shift”.
10. CEN Workshop Agreement: “Guidelines for Traditional Micro-SMEs GDPR Compliance”. Although CWAs are protected by copyright mechanisms, UNE will make a prepayment to CEN so that the CWA will be available for free download by stakeholders on CEN’s website after its publication.
The SMOOTH platform is composed of:
A. SMOODATA: For the automated analysis of the Enterprises’ databases. It identifies the categories of the data that an Enterprise has stored. Based on this, it can be assessed if a company:
1 is only storing the personal data items in accordance with its policies or is storing personal data (by mistake) that it is not allowed to process.
2 processes "Sensitive Personal Data" in the data repository.
3 has a legal basis for their personal data processing,
4 stores sensitive personal data.
B. SMOOTEXT: It analyses whether legal texts, such as Privacy Policies or Cookie Policies, comply with Privacy Legislation. It warns about:
1 the presence of all required mentions in the policy,
2 the readability, highlighting ambiguous or overly-complicated phrases
C. SMONLINE: It analyses websites and mobile apps and will be composed of the following:
1 the SMONLINE website
2 the SMONLINE-advertising
3 the SMONLINE-MobileApp
The project has delivered the following results:
1 GDPR key text document analysis
• Practical use, enabling the analysis of text documents related to privacy protection and future research and technological solutions on multi-lingual text mining and machine learning analysis of document complexity. Applicable to areas such as Data protection, privacy and transparency; as well as in other data science applications (e.g. other legal applications, insurances, medical, technical building code, …)
2 Module 2: GDPR personal data repository analysis
• Practical use, enabling the analysis of personal data repositories. Also to be extended in future research and technological solutions on methods for data ingestion and analysis of database storage practices.
3 Module 3: GDPR auditing for websites and apps
• Practical use, enabling the analysis of the use of personal data in websites and mobile apps. Potential future research and technological solutions on online advertising, data leakage. Applicable to Data protection, privacy and transparency; and more generally on online advertising, online crime, data security
4 GDPR online interactive handbook for MEnt with kit of resources
• Practical use, as a communication and dissemination tool to reach a large number of MEnts and raise their awareness about GDPR. Freely accessible materials for GDPR compliance: templates, information and advice, Communication, awareness, education, Data protection, privacy and transparency, MEnts and citizens
5 Platform for GDPR compliance analysis
• Practical use, as an integrated solution for EU MEnts to adopt the GDPR. To be used as a reference on how a software solution can support the adoption of new legislation by MEnts. Applicable to Data protection, privacy and transparency; regulation, communication, awareness, education
6 CEN Workshop Agreement (CWA) Guidelines for Traditional Micro-SMEs’ GDPR compliance
• Freely accessible materials for GDPR compliance: templates, information and advice for the direct use by MEnts (dissemination tools). Benefiting Data protection, privacy and transparency, MEnts of all sectors