ICON complements national GDPR platform for SMEs

A recent survey by the Information and Data Protection Commissioner (IDPC) of 259 SMEs found that awareness of GDPR-related issues was medium to high among the majority of SMEs.

The survey, carried out in collaboration with the Malta Chamber of SMEs and the Malta Employers Association, was commissioned by the IDPC as part of a wider project to raise public and business awareness of GDPR, especially SMEs.

This project, co-funded by the European Fund for Rights, Equality and Citizenship 2014 to 2020, saw the creation of a secure online compliance tool for self-assessment made available online (https:/ /idpc.org.mt/for-organisations/self -assessment-compliance-tool/) which is designed to guide SMEs through a set of self-assessment risk levels, recommendations and templates for help measure the compliance of their processing operations with the requirements and obligations of the GDPR.

Ian Castillo, owner and director of ICON, which designed the IDPC online self-assessment tool, said: “This latest project for IDPC has allowed us to put our capabilities into the part of a national project that will help SMEs determine how well they are complying with the IDPC. stringent GDPR requirements.

“Users taking this online self-assessment will be guided through 48 short questions that cover the most important provisions of the GDPR. At the end of the questionnaire, the tool generates a report based on the answers provided, immediately helping the company to identify if its level of risk is high, medium or low.

“In addition to the report, the tool can measure compliance gaps, provide helpful feedback and recommendations, and offers valuable documentation and policy templates that any SME can adapt and implement within their own organization. “

Ian Deguara, Information and Data Protection Commissioner, said: “This initiative is in line with our office’s tasks to raise awareness of data protection within the Maltese business community. Essentially, this compliance tool helps companies that are not yet fully familiar with data protection to assess and identify their current compliance risks so that they can mitigate them.

Pierre Minuti, senior technical officer at IDPC, added: “The online platform has been designed and implemented in such a way that after the SME has completed a questionnaire, it identifies the levels of risk, measures the compliance deviations and provide feedback.

“Most importantly, we want SMEs to understand that this platform is just a risk algorithm tool developed to provide an immediate output in the form of a report, including policy templates, that the controller may consider implementing in-house.”

Recent research conducted by the IDPC has also revealed that the majority of companies are aware of the obligation for data controllers to legitimize activities involving the processing of personal data on the basis of a valid legal basis.

Although SMEs generally inform data subjects about the processing of their personal data mainly through their websites and manual forms, the application of other data protection principles as well as the implementation of Organizational and technical security are areas of law to which more attention should be paid.

Independent journalism costs money. Support Times of Malta for the price of a coffee.

Support us

Comments are closed.