According to a Bitkom survey, the implementation and interpretation of the GDPR is causing difficulties for many companies even after five years since it came into force. Find out here where these occur and what possible assistance is available.
Bitkom survey on the DSGVO
Commissioned by the digital association Bitkom, a representative Survey took place, in which 503 companies in Germany, each with at least 20 employees, answered questions about the GDPR and its implementation. Bitkom presented the survey in Berlin on September 27, 2022.
Implementation and effort
The vast majority of companies surveyed have at least begun to implement the requirements of the GDPR. 22 percent of respondents report full implementation. 40 percent are of the opinion that they have implemented the requirements "for the most part", 33 percent "partially".
93 percent of respondents have increased investments in data protection at their company. It varies greatly whether this additional expenditure is seen as remaining constant in the future or as a one-off. At the very least, the effort has not decreased for any company.
Disruptive factors
The Companies on the reasons for incomplete implementation of the GDPR surveyed. Most respondents see these reasons in external disruptive factors. Above all, the legal uncertainty regarding the interpretation of the GDPR was lamented. This is particularly apparent when comparing the individual federal states, but also the countries of Europe. Due to this legal uncertainty, most companies see the implementation of the GDPR as an ongoing process that requires constant adjustment. It also takes a lot of time to make the necessary IT and system changes.
GDPR can put the brakes on digitization
The GDPR is viewed critically by the companies surveyed, particularly with regard to its influence on digitalization. More than 60% see the company's digitalization as being hampered by the requirements of the GDPR. In some cases, innovation projects had to be data protection concerns within the companies be canceled. Some even see data protection in Germany as excessive. Bitkom CEO Dr. Bernhard Rohleder emphasizes on this point that data protection should "not become an end in itself" and agrees with the call for more uniform interpretations.
Assistance for companies
The data protection supervisory authorities of the federal states are supposed to function as the first point of contact for assistance. Around half of the companies surveyed have already made use of this service. However, the quality of the assistance provided seems to vary greatly. This needs to be improved. Above all, according to Bitkom's analysis of the survey, work needs to be done to provide practical recommendations as well as concrete information. In addition, many companies do not know that the supervisory authorities provide advice at all (20 percent) or simply did not have the time to make contact (27 percent). For some companies, the supervisory authorities even have such a bad reputation that they are no longer contacted.
In order to achieve concrete and practical Advice on data protection law topics in the company, the data protection officer is still very well suited. Above all a external data protection officer is always trained in the latest issues relating to the GDPR and has an overview of the company. This guarantees quick and simple solutions with minimal effort.
Are you still looking for an external data protection officer? Feel free to contact us! Our team of experts will also be happy to assist you with all other concerns relating to data protection and data security.
English 
Deutsch 
Español 
Français 
Polski