Dear Lina, 

Thank you for your email. Please find TRI's answers enclosed. 

Part A: the missing points include:

  • TRI validation of PIC status, so far it’s marked as DECLARED
TRI-IE is now validated. Should the system still show differently, please let us know.

  • Starting date of the project: it can be the first day of the month after the entry into force of the GA or we can agree on a fixed starting date. We prepared timeline projections of STAR and STARII projects in order to see ‘peak times’. We consider August to be the most optimal date for starting STARII.
We would strongly advise in favour of June as a starting month for the following reasons:


Part B: we have prepared a draft Annex B. For it to be completed we need to agree upon changes that we are going to make in the DOW based on the comments provided in the evaluation form. These comments concern:

The scope of the project: 


  • The geographical spread of the proposal is not very clear. How are you going to benefit all SMEs and data protection authorities in all EU Member States if the practical activities are targeting one single Member State (Hungary), and indirectly others?
  • The target group is very broad, consisting of all SMEs in the EU, on the one hand, and data protection authorities on the other hand. How could we explain t this approach and what is the benefit of providing such a Europe-wide effort?
  • It is difficult to understand in the way the project is written, whether the specific activities of the project target only Hungarian SMEs or all SMEs in the EU.
We suggest to add a few lines describing how we will identify our target for interviews and for the other activities, such as by identifying key industries and business sectors to ensure a consistent efficacy of the services. This would both serve as a reassurance for the EC that the project is targeting the EU and not just Hungary, and at the same time it would cast light about how we aim to achieve a broad beneficial effect across sectors.

The hotline:


  • This activity is not entirely convincingly presented. It is stated that the hotline will be operated in English and Hungarian, with other languages on needs basis. The results of the hotline questions will again form a basis for research activity.
  • The e-mail based "hotline" is planned for one year, and it is not clear whether or how it will continue.

We suggest to reassure them that the hotline will be operated by NAIH but that the other partners will support NAIH in answering questions in other languages. We suggest to make some examples of other languages we speak in the consortium, such as Dutch, Italian, German …

Results:


  • The EU-wide general handbook for SMEs raises challenges in terms of addressing a wide variety of fields and types of SMEs in various countries, which means the handbook remains quite general in nature and thus might duplicate the already existing (CoE/FRA general handbook). There are also some national differences in implementation of data protection rules that the project might not consider fully.
We are not sure that we should systematically consider all national implementing legislation to the GDPR, as it would broaden the scope of our handbook research beyond our capabilities. What we could do is to decide 2-3 legal systems to focus on and compare when it comes to analyse rules that need national implementation.

With regard to the risk of an overlap with the CoE general handbook, we could underline that our approach would be different: while that handbook is mainly focused on giving a plain overview of the legislation, basically repeating the legislation, ours would tackle specific issues, such as DPO, DPIAs, the right to be forgotten, etc., based on the responses we collect from SMEs. To put it differently, we could reassure them that our handbook will be an issue-focused handbook rather than a general handbook.
  • The responsibility regarding updating of the handbook is unclear.
We could reassure that the handbook will be updated at the end of the project and that we are confident that at that point it will cover most of the relevant issues.
  • It is quite unlikely that SMEs might read about the project in an academic journal. Relying mainly on academic analysis in the EU as a whole, the needs assessment is not followed by the examination of the specific needs of the Member States.
It is true that SMEs do not read academic journals, but this is not the only way we connect with companies under this project.
  • The project website will be maintained for two years only after the end of the project. It’s suggested to incorporate the content of the website on the NAIH’s website.
We could consider to maintain the standalone website for 4 years, as it happens with other H2020 websites.


Best wishes, 

Filippo







Dr Filippo Marchetti
Trilateral Research Ltd.
72 Hammersmith Road, London W14 8TH
+44 (0) 2075593550
www.trilateralresearch.com

Il giorno 05 apr 2018, alle ore 09:25, Lina JASMONTAITE <Lina.Jasmontaite@vub.be> ha scritto:

Dear all, 

Almost all information that is necessary for the completion of the grant agreement has been entered into the EC portal.

Part A: the missing points include:


  • Details of NAIH department that is going to carry out the project and NAIH’s validation of partner summary info
  • TRI validation of PIC status, so far it’s marked as DECLARED
  • Starting date of the project: it can be the first day of the month after the entry into force of the GA or we can agree on a fixed starting date. We prepared timeline projections of STAR and STARII projects in order to see ‘peak times’. We consider August to be the most optimal date for starting STARII.

Part B: we have prepared a draft Annex B. For it to be completed we need to agree upon changes that we are going to make in the DOW based on the comments provided in the evaluation form. These comments concern:

The scope of the project: 


  • The geographical spread of the proposal is not very clear. How are you going to benefit all SMEs and data protection authorities in all EU Member States if the practical activities are targeting one single Member State (Hungary), and indirectly others?
  • The target group is very broad, consisting of all SMEs in the EU, on the one hand, and data protection authorities on the other hand. How could we explain t this approach and what is the benefit of providing such a Europe-wide effort?
  • It is difficult to understand in the way the project is written, whether the specific activities of the project target only Hungarian SMEs or all SMEs in the EU.

The hotline:


  • This activity is not entirely convincingly presented. It is stated that the hotline will be operated in English and Hungarian, with other languages on needs basis. The results of the hotline questions will again form a basis for research activity.
  • The e-mail based "hotline" is planned for one year, and it is not clear whether or how it will continue.

Results:


  • The EU-wide general handbook for SMEs raises challenges in terms of addressing a wide variety of fields and types of SMEs in various countries, which means the handbook remains quite general in nature and thus might duplicate the already existing (CoE/FRA general handbook). There are also some national differences in implementation of data protection rules that the project might not consider fully.
  • The responsibility regarding updating of the handbook is unclear.
  • It is quite unlikely that SMEs might read about the project in an academic journal. Relying mainly on academic analysis in the EU as a whole, the needs assessment is not followed by the examination of the specific needs of the Member States.
  • The project website will be maintained for two years only after the end of the project. It’s suggested to incorporate the content of the website on the NAIH’s website.

Could you please provide your suggestions on how we should address comments made in the evaluation by COB 9 April?



Best regards,

Lina Jasmontaite

Doctoral researcher 

Law, Science, Technology and Society (LSTS)

Vrije Universiteit Brussel (VUB)  

Brussels Privacy Hub (BPH)  

Room 4B306, Pleinlaan 2, 1050

Brussels, Belgium

 


http://secure-web.cisco.com/15PF1KlBZlHULJPYUQqz7GcWNhHguO5Erk3ohn3AiBXFKYBZjZ2FgSfFqUSUxt0xZY_NylMcODishOowIqHYayERCYjpp0FhVkTqNoWFd-za2lq_i5wy_NTO9yVwG8HhRQ8WYt2nbfcLFH1JC0w4F3JzVXpx5o7dfHB48G9if8ivMJH-G64KIjK-mlC34AcI6mS9qhVvgO9fBSRPsMsGw-CmkIHRgjTOjRAOZskNCj6utio6_MUIf-OmMk6no7sCj/http%3A%2F%2Fwww.vub.ac.be%2FLSTS%2F || http://secure-web.cisco.com/1rGBrw6DfMuRF1PGJbF-lJ-54m8ajR0E-2IyoxEfCJfhMtr_J7nuNkfgybjKsQjNIMbKySaoXO8q8KNKI5fs2qyyzsWSuQv_1tqX7mTl7sPg36Q7lqSXcDULhOjm_NRgbSw8SbgVW5J_j8O_8i7voDuAAMZgC4NTlj_BgRNcXNjgAVW556hBkdmfVYqWV74W_oys6aQorj-K29WsgA-4N9XGNeuD2K58ITOFzuA5YvPFQsbs1gEx5pLrCZem8QBuF9CsWvoQlJNGw4DzUT9CBMg/http%3A%2F%2Fwww.vub.ac.be || http://secure-web.cisco.com/1fk-ioUDs0tp2pD3TdGsejRS_B74qo_tnDw168MW3cT2M3TnZCaDqai66-hG2Xrhi4NeINDM8sxumUP-wcXaehes_DbqLhZllYHZluUMI_N45lLe6JWrVMWwnZDeZbB72z0bO8AtHNPxfx455NX3zj2erKphebgBqdLYhhlB9a5tCSu_WaOfSWOf9DVT-e4aSAzUR8ab8IBKIYp0_08oD1eYhipVi0u57__F30VUHq9SlLbjTNT6e5xmJeI5xDz8_erdMoGITgAN4HNAUV8P_UA/http%3A%2F%2Fwww.brusselsprivacyhub.org




<STARII & STARI.xlsx>_______________________________________________
STAR mailing list
STAR@listserv.vub.ac.be
https://listserv.vub.ac.be/mailman/listinfo/star