According to a Bitkom survey, the implementation and interpretation of the GDPR is causing difficulties for many companies even after five years since it came into force. Find out here where these occur and what possible assistance is available.
Bitkom survey on the DSGVO
Commissioned by the digital association Bitkom, a representative Survey took place, in which 503 companies in Germany, each with at least 20 employees, answered questions about the GDPR and its implementation. Bitkom presented the survey in Berlin on September 27, 2022.
Implementation and effort
The vast majority of companies surveyed have at least begun to implement the requirements of the GDPR. 22 percent of respondents report full implementation. 40 percent are of the opinion that they have implemented the requirements "for the most part", 33 percent "partially".
93 percent of respondents have increased investments in data protection at their company. It varies greatly whether this additional expenditure is seen as remaining constant in the future or as a one-off. At the very least, the effort has not decreased for any company.
Disruptive factors
The companies were also asked about the reasons for incomplete implementation of the GDPR. Most respondents see these reasons in external disruptive factors. Above all, they complain about the legal uncertainty regarding the interpretation of the GDPR. This is particularly evident when comparing the individual German states, but also the countries of Europe. Because of this legal uncertainty, most companies see the implementation of the GDPR as an ongoing process that requires constant adaptation. It also takes a lot of time to make the necessary IT and system changes.
GDPR can put the brakes on digitization
The companies surveyed were critical of the GDPR, particularly in terms of its impact on digitization. More than 60 percent see the digitization of the company as being inhibited by the requirements of the GDPR. In some cases, innovation projects had to be canceled due to data protection concerns within the companies. Some even see data protection in Germany as excessive. On this point, Bitkom CEO Dr. Bernhard Rohleder emphasizes that data protection "must not become an end in itself" and agrees with the call for more uniform interpretations.
Assistance for companies
The data protection supervisory authorities of the federal states are supposed to function as the first point of contact for assistance. Around half of the companies surveyed have already made use of this service. However, the quality of the assistance provided seems to vary greatly. This needs to be improved. Above all, according to Bitkom's analysis of the survey, work needs to be done to provide practical recommendations as well as concrete information. In addition, many companies do not know that the supervisory authorities provide advice at all (20 percent) or simply did not have the time to make contact (27 percent). For some companies, the supervisory authorities even have such a bad reputation that they are no longer contacted.
In order to receive concrete and practical advice on data protection issues in the company, the data protection officer is still very suitable. Above all, an external data protection officer is always trained in the latest issues surrounding the GDPR and can keep an overview of the company. This guarantees quick and simple solutions with minimal effort.
Are you still looking for an external data protection officer? Feel free to contact us! Our team of experts will also be happy to assist you with all other concerns relating to data protection and data security.
English 
Deutsch 
Español 
Français 
Polski