Skip to content. | Skip to navigation

Personal tools
You are here: Home Members European craft and SME employers' organisation SMEs say GDPR needs reality check

SMEs say GDPR needs reality check

12 June 2019
by smeunited -- last modified 12 June 2019

SMEunited calls on the European Commission to make a reality check of the General Data Protection Regulation (GDPR). Ahead of the stocktaking event organised by the Commission on 13th June, SMEunited surveyed its member organisations and their message is clear: the new Commission should work on a reality tested design for the GDPR.


"SMEunited member organisations invested a lot in awareness raising and advice to ensure that the SMEs could comply with the rules during the two years transition period and the past first year of implementation" stated SMEUnited President Rabmer-Koller ahead of the event 'One year of GDPR application: taking stock in the EU and beyond'. "Despite these efforts of SME organisations, and also efforts made by the European Commission and the national authorities to reach out to SMEs, our entrepreneurs still have many questions on the implementation of this extremely complex legislation" she continued.

According to feedback from SMEunited member organisations the main difficulties reported are: (1) assessing whether one is a controller or processor, (2) assessing what processing at large scale means, (3) record keeping of processing activities, (4) appointing a Data Protection Officer and (5) defining the principle of accountability. "Overall this legislation creates severe difficulties for SMEs, especially for micro enterprises as it is not proportional. The "Think Small First" principle clearly was not applied when drafting this legislation. It resulted in increased  administrative burdens and SMEs suffer from a lack of human and economic resources to cope with this legislation", urged the President.

"The main challenge is that the regulation is extremely complex and interpretation is still required. Many SMEs hired external consultants to support them to set up systems to comply with the GDPR. The guidelines published may help to understand the rules, but do not offer guidance on how to apply the theory in the real life", Ms Rabmer-Koller explained and concluded "that there is a clear urgency for the next Commission to review the GDPR to reduce the burdens for the numerous "low-risk" SMEs towards a reality-tested design." At the same time she asks Member States and the national Data Protection Authorities to continue their support and advice for small businesses, instead of fining them.

SMEunited is the association of Crafts and SMEs in Europe with around 70 member organisations from over 30 European countries. SMEunited represents national cross-sectoral Craft and SME federations, European SME branch organisations and associate members. Combined, it represents more than 12 million enterprises with around 55 million employees across Europe. SMEunited is also a recognised employers' organisation and European Social Partner. SMEunited was formally known as UEAPME.

Become a Partner

Partnership gives you:

  • Your own section on - with your press releases, position papers, events, job vacancies etc
  • Each content item linked from topic channels where your organisation has expertise
  • Listing on Partners page
  • Branded with your logo and links

For further details on becoming a Partner, contact email salesSales by email, or phone Nick Prag on +44 (0)20 7193 7242.

Membership options