A data protection story-learning and implementation tool designed for SMEs

DAAZ - ‘Data Accountability from A to Zen’

Logo-Daaz

Presentation of DAAZ

The CNPD, in collaboration with the Luxembourg House of Cybersecurity and the National Cybersecurity Competence Center (hereinafter the ‘LHC-NC3’), developped DAAZ, a GDPR compliance tool that addresses the challenges faced by start-ups and small and medium-sized enterprises established in the Grand Duchy of Luxembourg (hereinafter the ‘SMEs’) in terms of complying with the GDPR (‘General Data Protection Regulation’).

Selected in a competitive call for projects by the European Commission, DAAZ, an acronym for ‘Data Accountability from A to Zen’, has been co-funded by the European Union as part of the ALTO project (‘dAta Protection compLiance supporT tOolkit’). DAAZ provides players in the national economy with a simple, intuitive, and free online tool enabling them to integrate their GDPR obligations as data controllers or processors into their business activities. They are supported in assessing, strengthening, and maintaining their compliance with the GDPR, thereby improving their transparency and consolidating consumer confidence.

The tool DAAZ comes in response to the personal data protection challenges faced by SMEs in particular, who are often at a disadvantage compared with large organisations in terms of resources and expertise. Moreover, these players operate in a complex economic environment, marked in particular by the digitisation of all sectors of society, the rise of artificial intelligence and a rapidly evolving legal framework.

The platform was created in two phases. To identify the needs of SMEs, the CNPD first gathered the opinions and comments of 215 entrepreneurs via an online questionnaire.

For us, it was crucial to focus DAAZ on the user experience,’ says Jérôme Commodi, legal expert at the CNPD and project coordinator. ‘To achieve this, after determining the needs of the users, the project team applied the “story learning” and “learning by doing” methods to ensure optimum immersion and maximum user involvement. The main challenge was to make the protection of personal data accessible in non-legal language and to create a tool capable of capturing the interest of SMEs’.

The second phase involved developing the platform, testing it with the help of SMEs and optimising it. The contributions of the experts from the LHC-NC3 were essential for the technical part, especially as the National Cybersecurity Competence Center (NC3) has solid experience in raising awareness among SMEs of IT security and respect for privacy, through its ‘Fit4Cybersecurity’ and ‘Fit4Privacy’ tools.

It's a playful tool that takes advantage of gamification,’ says Pascal Steichen, CEO of the Luxembourg House of Cybersecurity. ‘We have created a platform that is intuitive, educational and affordable for everyone.’

DAAZ, which can be accessed at www.daaz-gdpr.lu, is designed to support citizen engagement, equality among all members of society and the implementation of EU rights and values. Currently offered in French, German, and English versions of the tool will be made available shortly.

If you have any further questions or would like to request an interview, please do not hesitate to contact us.

Dernière mise à jour