Skip to Content

The GDPR2DSM project promoted data protection expertise among SMEs – data protection tool available in open-source code

Publication date 7.2.2023 11.27 | Published in English on 20.2.2023 at 10.43
Press release

The two-year GDPR2DSM project of the Office of the Data Protection Ombudsman and TIEKE Finnish Information Society Development Centre supported SMEs in complying with data protection requirements. The project developed a simple online tool that companies can use to test their compliance with the General Data Protection Regulation, or GDPR. The tool is available in Finnish, Swedish and English The tool has now been published in open-source code.

Data protection tool available in three languages

One of the main goals of the GDPR2DSM project was to improve the data protection competence of SMEs and make their data protection work easier. The project developed an online tool in cooperation with entrepreneurs that they can use to test their company's compliance with data protection requirements. The tool is available in Finnish, Swedish and English.

See the tool: tietosuojaapkyrityksille.fi/en

The tool consists of various tests that can be taken in any order. Users can start with the baseline test to see how familiar they are with the basics of the GDPR.

The role test helps the user determine the company's role in processing personal data. The GDPR imposes different obligations depending on whether the company is acting as a controller, processor or joint controller of personal data. There are also specific tests for each role. Finally, the tool gives the user a report with recommended measures and sources of further information.

Data protection tool released in open-source code

The source code and contents of the data protection tool have been published for free use. This means that the tool can be used for purposes such as the further development of company- or industry-specific data protection tools or the production of new language versions. The licence also permits the tool to be used in commercial applications.

The tool's source code in the GitHub online service

Companies are using the materials for a variety of purposes

The tietosuojaapkyrityksille.fi website also includes a databank with guides and recorded webinars and presentations. A total of 26 webinars and five seminars on data protection were held during the project.

The project concluded with a survey charting, for example, whether companies had used the tool and databank. The survey was taken by roughly 100 companies. Based on the replies, the companies had used the tool and other materials for a wide variety of purposes. More than half of the respondents said that they had tested their data protection knowledge with the tool. Another 44% said that they had used the tool to chart their compliance with the GDPR, while approximately 41% stated that they had used the materials for study purposes.

The data protection tool had also been used for employee orientation, reporting and charting the company's role. Based on the feedback, companies have found the materials to be useful.

The Office of the Data Protection Ombudsman will be responsible for the maintenance of the data protection tool after the project's conclusion. You can send development ideas and feedback about the tool to the Office of the Data Protection Ombudsman.

Links to the materials produced in the GDPR2DSM project:

Further information:

Office of the Data Protection Ombudsman: Meeri Blomberg, Senior Officer and Project Manager, meeri.blomberg(at)om.fi, tel. +358 29 5666 755

TIEKE Finnish Information Society Development Centre: Timo Simell, Project Manager, timo.simell(at)tieke.fi, tel. +358 43 820 0952

What was GDPR2DSM?

A two-year project: The GDPR opens doors to the Digital Single Market with key online tools for SMEs and support for capitalising on opportunities.

The project was funded by the European Union’s Fundamental Rights, Equality and Citizenship Programme.

The Office of the Data Protection Ombudsman serves as the coordinator, with TIEKE Finnish Information Society Development Centre as the project partner.

The content of this article represents the views of the author only and is his/her sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.

Back to top