Advomi Logo
Close this search box.

How Do SMEs Apply Our GDPR Compliance Package?

All of our clients receive a custom package for their business. The packages include a guide with analysis on the specific business in relation to the GDPR and they are also provided with a set of documents to be used in various scenarios. In addition, we designed a simpler version of the compliance package for starting companies.


Below are some trends we have identified on how small and medium enterprises have used our GDPR Compliance Package.

Established companies which have been in business for at least 5-6 years

These companies in the EU are familiar with bureaucracy and are used to it. They traditionally associate legal compliance with receiving a certain license or permit and ensuring they have a set of necessary documents.

Directors of established companies will often ask us if they need to register at a supervisory authority or wait for a permit in order to process personal data. They are not really interested in the essence of the GDPR rules since they have already encountered a ton of compliance issues with various laws in the past. They just expect to be presented with a simple procedure which ensures that everything is OK in case of an inspection. Our set of documents and recommendations for measures are the most useful for them.


Starting companies have a different approach towards the GDPR, especially if they operate in the area of e-commerce or have a strong online presence. Startups want to understand the data protection rules and mainly the data subject rights. They focus on the customer, rather than on the supervisory authority. These companies want to assure the users that their rights are respected and not violated. For them the descriptive and analytical part of our compliance package is more useful.

We prefer the second approach to GDPR. The regulation is indeed individual-centric and focuses on the rights of individuals regarding the processing of their personal data. Even if avoiding sanctions is the main concern of a business, these sanctions are much more likely to be provoked by a customer complaint than by a sudden inspection from a supervisory authority.

More resources


Tokenisation of real world assets (RWAs)

Introduction Tokenisation of real world assets refers to breaking down high-value properties, whether tangible (such as art pieces) or intangible (such as financial instruments and…


Gambling Control Act

Introduction The Gambling Control Act 2022 (GCA) is a consolidation and update of previous gambling legislation including the Betting Act 1960, the Common Gaming Houses…



Introduction Retrenchment refers to the termination of an employee’s employment due to redundancy, restructuring or for cost saving reasons, as opposed to termination for poor…


Restraint of Trade Clauses in Employment Contracts

When drafting an employment contract, employers often include a restraint of trade clause in order to restrict what an ex-employee may do post-employment. As defined…


Understanding Crypto Fraud, Investigations and Asset Tracing part 3

After exploring the diverse landscape of blockchain and cryptocurrency frauds in our first article, and delving into the array of disputes in our second installment,…


Understanding Crypto Fraud, Investigations and Asset Tracing part 2

In continuation of our 3-part series unraveling the complexities of blockchain and cryptocurrency, our second installment will delve into the spectrum of Blockchain and Cryptocurrency…