Managing Small Business Privacy Compliance With the Integrated NIST-GDPR Compliance Framework (INGCF/INGC Framework)

Authors

  • Antoinette Essilfie

Abstract

Small and medium-sized businesses (SMBs) face significant challenges in achieving compliance with the General Data Protection Regulation (GDPR), primarily due to resource constraints, technical limitations, and the regulation's inherent complexity. This research addresses these challenges by developing and validating the Integrated NIST-GDPR Compliance Framework (INGCF), a practical and scalable solution tailored for SMBs. The study employs a multi-faceted methodology, including a comprehensive mapping of the NIST Privacy Framework to GDPR requirements, the constructive development of a layered framework architecture, and a twelve-month validation in real-world SMB environments. The resulting INGCF provides a risk-based, operational approach to privacy governance, enabling SMBs to systematically manage data protection obligations. Key contributions include a detailed NIST-GDPR mapping, a flexible framework architecture, and practical, SMB-specific implementation guidance, offering a clear path to effective and sustainable GDPR compliance for small businesses.

Published

2026-04-02

How to Cite

Essilfie, A. (2026). Managing Small Business Privacy Compliance With the Integrated NIST-GDPR Compliance Framework (INGCF/INGC Framework). Digital Repository of Theses. Retrieved from https://repository.learn-portal.org/index.php/rps/article/view/1240