Skip to main content


GDPR: SMEs call on Member States to support implementation

UEAPME insists on awareness raising campaigns and timely measures

Brussels, 30th January 2018 – Today, UEAPME met Commissioners Ansip and Jourová with other stakeholders to discuss the implementation of the General Data Protection Regulation (GDPR) entering into force on 25th May.

They also talked about the European Commission’s newly published Guidance to facilitate its application and a new online tool dedicated to SMEs.

While thanking the Commission for the new material, UEAPME remains highly concerned about the incertitude surrounding the implementation at national level. Only two Member States have already adapted relevant national legislation.

SMEs fear not having enough time to prepare for all the provisions they have to comply with. At the high-level business roundtable organised by EC Vice-President Ansip and Commissioner Jourová, UEAPME Secretary General Véronique Willems declared that “UEAPME recognises the European Commission’s efforts to reach out to stakeholders and support as much as possible a smooth implementation of the GDPR. In particular, we thank for the workshop that was jointly organised with UEAPME to inform SMEs about the new rules. However, there are still many things for which we remain concerned. First and foremost, only two Member States have already adopted relevant national legislation and are ready for the implementation. This is very worrying from our point of view. Also, we welcome the new online tools but request more practical guidelines and easy templates to enable SMEs to comply with the Regulation.”

As the date of the GDPR’s entering into force is quickly approaching, the European Commission published a new guidance summarising the actions made, the state of play and the next steps to facilitate a smooth and direct application of the Regulation across the EU.

Moreover, the Commission issued a new online tool aimed specifically at SMEs to support practical application of the GDPR and reinstated its engagement in organising events across Member States to help stakeholders in their preparation efforts. In the guidance, the Commission rightly calls on EU national governments and data protection authorities to be ready and provide support.

Indeed, while the provisions of the GDPR are directly applicable to European citizens, it nevertheless requires Member States to take the necessary steps to adapt national legislation by repealing and/or amending national laws. UEAPME regrets that so far only 5 out of 13 guidelines to the application by the Article 29 Working Party are adopted. Work is still ongoing on important topics, such as the issue of consent.

On this point, Ms Willems added that “this does not help to create certitude. This situation at national level can create confusion among SMEs. It is almost surreal to pretend from SMEs to comply with the GDPR by 25 May when today, less than 4 months away, Member States have still not completed the necessary work to prepare the right environment.”

As flagged by the European Commission, UEAPME calls on Member States and National Data Protection Authorities (DPAs) to accelerate their work and make more efforts to activate awareness raising campaigns at national level in cooperation with representative SME organisations as well as to stimulate culture of dialogue between DPAs and stakeholders/SME organisations.