Three years after GDPR came into force, many enterprises still do not comply. Especially micro and small businesses are overwhelmed by the complexity of the regulation. Due to the abstract and broad formulation of GDPR, the requirements are often unclear. Several online tools are trying to help enterprises on their path to GDPR compliance. However, the self-assessments tools are not suited for micro and small businesses due to their complexity. The goal of the project is to develop a prototypical web application which provides a self-assessment for GDPR compliance dedicated to SMEs.

Design science research was used as methodology for the project. First, the knowledge base needed to be established through literature research about GDPR and its implications for SMEs. An expert interview with a data protection consultant supported the literature research with practical insights. An analysis of two existing self-assessment tools provided valuable insights for the development of the web application. After the development of the prototype, an evaluation in form of technical and field tests was conducted.

The conducted research proved that SMEs are struggling to comply with GDPR. Rather than as-sessing complete GDPR compliance, the developed web application is intended to assess basic concepts of GDPR in a simple way and motivate micro and small business to think about data pro-tection. The developed web application provides a well-designed user interface and is structured in a way that allows simple adjustments of the content. As the content itself is not in the scope of the bachelor thesis, a follow-up project for the provision of the content is needed to release the web ap-plication. The evaluation of the prototype resulted in the finding that micro and small business own-ers are interested in using the prototype once the content is provided. However, it also became ob-vious that the problem of GDPR compliance for SMEs is not going to be solved through a single tool and many small pieces need to be put together to facilitate the path to GDPR compliance for SMEs. The prototypical self-assessment tool could potentially be one of these pieces.