On the occasion of the celebration of the 16th Data Protection Day, the Hellenic Data Protection Authority (HDPA) organised, on Friday 28 January 2022, an awareness online event. The first part of the event was dedicated to contemporary data protection issues, such as a) processing of personal data in the context of contact tracing applications and b) data protection and remote working. Among the speakers was the President of the HDPA, Mr Konstantinos Menoudakos, and members of the Collegial Body, Konstantinos Lambrinoudakis, Professor of Digital Systems at the University of Piraeus and Grigoris Tsolias, lawyer.
In the second part of the event dedicated to the “project byDesign” (https://bydesign-project.eu/), the Director of the HDPA, Dr Vasilios Zorkadis, briefly explained the Authority’s efforts to prepare proposals and implement projects funded by the European Union, focusing especially on the objectives of the “project byDesign”, which is in its second year of implementation. More particularly, he stated that this project aims a) to support SMEs in their efforts to comply with the GDPR by providing them with standard documents, procedures, policies and information texts and a tool to adapt them to the needs of each party concerned; and b) to design a training programme in the field of data protection by design and by default for those involved in the development and promotion of ICT products and services and to carry out a series of relevant training seminars.
Then, HDPA’s IT auditor Dr Efrosini Siougle and legal auditor Ms Kalli Karveli in their presentation entitled “Creating a GDPR compliance support tool for small and medium-sized enterprises (SMEs)” presented the methodology used to identify and determine the requirements of SMEs; this was accomplished a) by using structured questionnaires given to more than 1.000 SMEs via representative business associations, the companies themselves, consumer associations and employee associations of the following sectors: health, retail trade, catering, tourism, education and sports, and b) by organising workshops to discuss needs and impacts, based on the results of the questionnaires. The questions addressed four main topics: 1) lawfulness and transparency, 2) accountability, 3) business activities involving data processing, and 4) guidance and compliance needs and wants.
Αfter the analysis of the requirements, the methodology used for the preparation of the guidance material for SMEs and its adaptation based on the industry and the characteristics of each SME was presented through templates and model documents, policies and procedures, information texts, frequent questions and checklists for each of the thematic modules, the online tool to facilitate compliance using modern web application technologies and the upcoming pilot operation with evaluation of the tool in a production environment prior to its general release and the final evaluation through a follow-up survey to be carried out mainly through online questionnaires.
Then IT auditors Ms Georgia Panagopoulou and Dr George Rousopoulos, in their presentation entitled “Creation of educational material and organisation of seminars in the field of data protection by design and by default”, explained the methodology of analysis and identification of requirements and related results, as well as the educational material created in the context of the “byDesign project” aimed at specialists involved in the development and promotion of information and communication systems, such as analysts, software designers and developers. In addition, reference was made to the upcoming organisation of seminars and further work foreseen for the wide use of the educational programme even after the completion of the project.
At the end of each session of the on-line event, the speakers answered many questions raised by the numerous audience (1.100 unique viewers).
- All presentations are available in Greek here.