How can GDPR fines help SMEs ensuring the privacy and protection of processed personal data

The European Union created in 2016 the General Data Protection Regulation - GDPR - with mandatory application throughout the European Union from 25 May 2018. One of the main obligations of all companies, in the GDPR, including SMEs - Small and Medium Enterprises, acting as controllers or subcontractors, is the security of personal data. While large companies can implement and respond appropriately to these challenges, SMEs do not always have the expertise and resources to do so. The application of fines and penalties, in this unpredictable scenario of data breach, without the ability to demonstrate the adequate level of compliance, may condition the continuity of their business.The main goal of this research is to propose a solution for the protection and privacy of personal data, which allows small and medium-sized enterprises to prepare for compliance with the rules regarding the legal obligations of the GDPR, including decision support criteria, considering the existing legal sanctions in the European context.