Data protection

All organisations must comply with the applicable data protection legislation when processing personal data, regardless of whether they are a public authority, a small company or an association.

The data protection legislation is based on human rights. All individuals have fundamental rights and freedoms, in particular their right to protection of their personal data. On these pages you will find information regarding the data controller’s obligations.

The General Data Protection Regulation (GDPR)

All businesses that handle personal data must comply with the General Data Protection Regulation (GDPR). This means, among other things, that you need to follow the fundamental principles, ensure that the processing has a lawful ground and inform the data subjects about how you handle their personal data.

This applies according to GDPR


Data Protection Guide for Small Business

The EDPB has launched a Data Protection Guide to help small business owners on their way to becoming more data protection compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and easily understandable format.

The Guide covers various aspects of the GDPR, from data protection basics, to data subject rights, data breaches, and more. It contains videos, infographics, interactive flowcharts, and other practical materials to help SMEs put data protection into practice. In addition, the Guide contains an overview of handy materials developed for SMEs by the national Data Protection Authorities.

The Guide is currently available in English and will be made available in other EU languages over time.

The Guide is one of the EDPB’s awareness-raising actions for 2023 and was included as a key initiative in the EDPB’s 2021-2023 Strategy.

Latest update: 20 February 2024