Enabling SMEs to comply with the complex new EU data protection regulation

The European General Data Protection Regulation (GDPR) introduces privacy requirements that pose a complex challenge especially for small and medium sized enterprises (SMEs). In this paper, we present a software-supported process model developed by us that helps SMEs to establish processes ensuring the rights of the data subjects and prepare the documentation that is necessary to comply with the GDPR. Three small case studies illustrate the work with the process model and lessons learned from these practical applications of our tool give further insights into the topic.