Theoretical background: As of 25 May 2018, every entrepreneur doing business in the EU is obliged to adapt the operation of the business to the requirements under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR). The objective of the EU is to provide uniform protection for the personal data of individuals (hereinafter: personal data) residing in the EU. Entrepreneurs with larger than medium-sized operations have successfully adapted their operations to comply with the legal requirements. However, it has been observed that micro, small, and medium-sized entrepreneurs have faced challenges in implementing the changes brought about by the GDPR regulation.

Purpose of the article: The paper aims to answer the question of what is the relationship between the adaptation of micro, small and medium-sized enterprises from the Opolskie Voivodeship to the GDPR and characteristics of the entrepreneur such as the size of the enterprise, the location of the entrepreneur, the predominant activity and the gender of its managers.

Research methods: This research paper provides an analysis of the outcomes of an empirical study. The study was conducted using a questionnaire technique on a sample of 425 micro, small, and medium-sized entrepreneurs from the Opolskie Voivodeship. It aimed to investigate the influence of particular individual characteristics of an entrepreneur on the ability of their enterprise to adapt to the legal environment on the example of the GDPR. The study selected four characteristics for analysis: enterprise size, entrepreneur’s location, prevailing economic activity, and gender of enterprise managers. Hypothesis verification was performed using Pearson’s non-parametric χ^2 independence test and the V-Cramér correlation coefficient. A significance level of 0.05 was adopted.

Main findings: Based on the analysis, it has been confirmed that the adaptation of micro, small and medium-sized businesses from Opolskie Voivodeship to comply with the GDPR is subject to the unique characteristics of the entrepreneur. However, the verification of the hypothesis that the characteristics determining enterprise adaptation to GDPR by micro, small, and medium-sized entrepreneurs in Opolskie Voivodeship are their size, predominant business activity, location, length of business activity and gender of enterprise managers, showed that it is only partially correct.

Act of 23 April 1964 – Civil Code, Polish Journal of Laws of 2023, item 1610.

Act of 6 March 2018 – Law on entrepreneurs, Polish Journal of Laws of 2023, item 221.

Barnard-Wills, D., Cochrane, L., Matturi, K., & Marchetti, F. (2019). Report on the SME experiences of the GDPR, Deliverable D2.2, STAR II project. https://star-project-2.eu/wp-content/uploads/2021/02/STARII-D-2.2-Report-on-the-SME-experience-of-the-GDPR.pdf

Biernat, M., Tocci, M.J., & Williams, C. (2012). The language of performance evaluations: Gender-based shifts in content and consistency of judgement. Social, Psychological & Personality Science, 2(3), 186–192.

Błażewski, M. (2018). Zasady ochrony danych osobowych. In M. Błażewski & J. Behr, Środki prawne ochrony danych osobowych (p. 29). E-Wydawnictwo. Prawnicza i Ekonomiczna Biblioteka cyfrowa. Wydział Prawa, Administracji i Ekonomii Uniwersytetu Wrocławskiego.

Błoński, M., & Otmianowski, M. (2020), Ryzyko na poważnie. Powaga skutków dla osób fizycznych w RODO. Magazyn ODO. Ochrona Danych Osobowych, 13, 2020.

Dacin, T.M., Goodstein, J., & Scott, R.W. (2002). Institutional theory and institutional change: Introduction to the special research forum. Academy of Management Journal, 45, 43.

David, R.J., Tolbert, P.S.,& Boghossian, J. (2019). Institutional Theory in Organization Studies. Business and Management. https://doi.org/10.1093/acrefore/9780190224851.013.158

Gawroński, M. (Ed.). (2018). RODO. Przewodnik ze wzorami. Wolters Kluwer Polska.

GDPR.eu. (2019). DDPR Small Business Survey: Insights from European small business leaders one year into the General Data Protection Regulation (Report). https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPE.EU-Small-Business-Survey.pdf

Gumlarz, M., & Izydorczyk, T. (Eds.). (2021). Ochrona danych osobowych. Ocena ryzyka i skutków. Metody i praktyczne przykłady. Wolters Kluwer Polska.

Hoofnagle, Ch.J., Sloot van der, B., & Borgesius, F.Z. (2019). The European Union general data protection regulation: What it is and what it means. Information & Communications Technology Law, 28, 65. https://doi.org/10.1080/13600834.2019.1573501

Izydorczyk, T. (2017). Analiza oparta na ryzyku (risk-based approach). In M. Kołodziej (Ed.), Vacemecum ABI, cz. 2: Przygotowanie do roli Inspektora Ochrony Danych (p. 163). C.H. Beck.

Kaźmierczak, J., & Łabuz, A. (2018). Kobieta przedsiębiorca – charakterystyka stylu zarządzania. Studia i Prace WNEiZ US, 52(1), 45–53. https://doi.org/10.18276/sip.2018.52/1-04

Koniarek, J. (1972). Analiza logiczna pytań kwestionariuszowych a zagadnienia ich poprawnego formułowania i interpretacji odpowiedzi. In Z. Gostkowski & J. Lutyński (Eds.), Analizy i próby technik badawczych w socjologii, t. IV: Wywiad kwestionariuszowy w świetle badań metodologicznych (pp. 355–39). Ossolineum.

Krzysztofek, M. (2016). Ochrona danych osobowych w Unii Europejskiej po reformie. Komentarz do rozporządzenia Parlamentu Europejskiego i Rady (UE) 2016/679. C.H. Beck.

Kwapisz, M., & Pelikant, A. (2019). Zarządzanie zmianą w ujęciu RODO i ocena ryzyka. Roczniki Kolegium Analiz Ekonomicznych SGH, 56, 149–170.

Litwiński, P., Barta, P., & Kawecki, M. (Eds.). (2018). Rozporządzenie UE w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i swobodnym przepływem takich danych. Komentarz. C.H. Beck.

Magdziarczyk, M. (2018). Personal data protection in the law of European Union – on the threshold of change. In Modern Science, Issue 1.1: Political Sciences, Law, Finance, international Relation, Viena, Hofburg Congress Center, Austria.

Magdziarczyk, M. (2022). Przetwarzanie danych osobowych w świetle Ogólnego Rozporządzenia o ochronie danych osobowych (RODO) wobec wyzwań pandemii wywołanej koronawirusem COVID-19. In J. Jaskiernia & K. Spryszak (Eds.), System ochrony praw człowieka w Europie w czasie wyzwań pandemicznych (pp. 256–271). Wyd. Adam Marszałek.

Magdziarczyk, M. (2023). Wdrożenie RODO przez mikro-, małych i średnich przedsiębiorców jako zarządzanie zmianą. Wyd. Politechniki Śląskiej.

Martin, Y., & Kung, A. (2018). Methods and tools for GDPR compliance through privacy and data protection engineering. IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). https://doi.org/10.1109/EuroSPW.2018.00021

Ordinance of the Council of Ministers of 30 November 2015 on the manner and methodology of keeping and updating the national official register of entities of national economy, specimens of applications, questionnaires and certificates, Polish Journal of Law of 2015, item 2009, as amended.

PARP. (2022). Czy płeć ma znaczenie na stanowiskach kierowniczych? Fundusze Europejskie na podnoszenie kompetencji menadżerskich. https://www.parp.gov.pl/attachments/article/83245/17%20pa%C5%BAdziernika%20info.pdf

Powell, W.W., & DiMaggio, J.P. (Eds.). (1991). The New Institutionalism in Organizational Analysis. University of Chicago Press.

Selznick, P. (1996). Institutionalism “Old” and “New”. Administrative Science Quarterly, 41(2), 270–277. https://doi.org/10.2307/2393719

Shapiro, S., & Borie-Holtz, D. (2020). Small business response to regulation: incorporating a behavioral perspective. Humanities and Social Sciences Communications, 7(58). https://doi.org/10.1057/s41599-020-00552-5

Sobczak, J. (2016). Zarządzanie ochroną danych osobowych w przedsiębiorstwie. Przedsiębiorstwo i Zarządzanie, 17(8/2), 27–39.

Quelle, C. (2015). Dose the Risk-Based Approach to Data Protection Conflict with the Protection of Fundamental Rights on a Conceptual Level? https://ssrn.com/abstract=2726073

Quelle, C. (2017). The “risk revolution” in EU data protection law: We can’t have our cake and eat it too, Tilburg Law School Legal Studies Research Paper Series, 17. http://ssrn.com/abstacct=3000382

Zanker, M., Bureš, V., Cierniak-Emerych, A., & Nehéz, M. (2021). The GDPR at the organizational level: A comparative study of eight European countries. E&M Economics and Management, 24(2), 207–222. https://doi.org/10.15240/tul/001/2021-2-013