GDPR and Suppliers in SMEs.

The General Data Protection Regulation (GDPR) EU 2016/679 came into force in May 2018, obliging organizations to change all processes that treat citizens Europeans' data. This Regulation is critical because it enshrines hefty fines for all organizations and individuals who do not comply. One of the main changes is the written agreements with all suppliers, which share personal data. More than 95% of the business world are Small-Medium Enterprises (SMEs), and SMEs represent 99,9% of business in Portugal. However, SMEs have scarce resources, thus making it challenging for these organizations to comply with GDPR and, in particular, to solve the written agreements. The authors have worked with SMEs to comply with RGPD and have developed a methodology to fulfill the supplier's agreements. We will show the results obtained and discuss the main challenges SMEs face in such a large regulatory. [ABSTRACT FROM AUTHOR]