The CNPD (National Commission for Data Protection), in partnership with the Luxembourg House of Cybersecurity, the National Cyber Security Competence Centre (LHC-NC3), aims to help Luxembourg start-ups and SMEs comply with the GDPR through the ‘dAta Protection compLiance supporT tOolkit’ (ALTO) project.

The objective of this project is to provide SMEs with a simple, intuitive and free self-assessment tool to help them integrate GDPR requirements into their activities. It will focus on the fundamental principles of the GDPR and increased respect for individual rights related to personal data. ALTO is aimed at all SMEs, whether acting as controllers or processors.

The CNPD wishes to support SMEs in their assessment, progress and compliance with the GDPR, which will strengthen their transparency and consumer confidence, thus playing a key role in the national economy.

To achieve this, the CNPD joined forces with the LHC-NC3, which has already shown a keen interest in raising SMEs’ awareness of cybersecurity and privacy through its Fit4Cybersecurity and Fit4Privacy tools.

ALTO will be a self-assessment tool that can be adapted in other Member States, as it is based on open-source software and the GDPR, thus ensuring a uniform application for all EU SMEs. This project was selected by the European Union as part of the 2021 call for projects for national data protection authorities, supporting EU rights and values.

Who is affected by the GDPR?

The GDPR applies to all companies, including SMEs, that collect, store or use personal data, thus designating them as data controllers. If they process this data on behalf of other entities, they are considered to be processors. SMEs benefit from certain flexibilities, in particular as regards the appointment of a data protection officer. To help organisations comply with the GDPR, the CNPD also offers a 7-step guide.

Project phases

The first step was to identify the needs of SMEs and understand the data protection challenges they face. To this end, a working group gathered the opinions and needs of volunteer SMEs through an online questionnaire or interviews opened in spring 2023. You can already consult the statistics of this first phase here.

The second step is to test and improve the ALTO tool developed by the CNPD/LHC-NC3 partnership. The objective of this call is to gather feedback from SMEs that participated in the testing phase, in order to assess the practicality, intuitiveness, functionality and effectiveness of the self-assessment tool to achieve the ambitious objectives of the ALTO project.

Who can participate in the project?

This call for participation is open to professional chambers, professional associations, their members as well as SMEs (with a maximum of 75 employees), start-ups and independent professionals, regardless of their sector of activity. The aim is to seek input from these economic actors to improve their understanding of and compliance with the GDPR. We are looking for participants, whether they are already engaged in GDPR compliance or are still in the early stages, and whether or not they have in-depth knowledge of the GDPR.