Bitkom survey: unclear data protection regulations are causing problems for the economy

The European General Data Protection Regulation (GDPR) continues to meet with criticism in the German economy.

This is the result of a representative survey commissioned by the digital association Bitkom among companies with 20 or more employees in Germany, which was published in Berlin on Tuesday.

Even in the fifth year since the data protection regulations came into force, there is still considerable legal uncertainty about the exact specifications of the GDPR, explained 78 percent of the companies surveyed.

88 percent complained that the implementation of the regulation was never fully completed due to new guidelines.

A good two thirds (68 percent) of the companies are of the opinion that strict data protection makes digitization more difficult, said Susanne Dehmel, member of the Bitkom management board.

61 percent believe that data protection is being exaggerated in Germany.

Nevertheless, the majority of companies have implemented the GDPR.

22 percent claim to have fully implemented the GDPR, 40 percent "mostly".

A third admit to having only “partially” adapted to the regulation.

The deficits in implementation are no longer so often due to a lack of specialist staff.

A year ago, a third of the companies complained about a lack of qualified employees.

This value fell to 24 percent in the current survey.

And there are also signs of a slight easing of the required financial resources: in 2021, 37 percent named “lack of financial resources” as one of the biggest challenges in GDPR implementation; in the current survey, the value fell to 32 percent.

Legal basis required for international data transfers

In the survey, the companies also made it clear how important it is to have a legal basis for international data transfers.

60 percent practice a transfer of personal data to countries outside the EU.

A waiver of this data transfer would have serious consequences.

60 percent of companies say they would then no longer be able to maintain global security support, 57 percent state that they would no longer be able to offer certain products and services if data transfers were to be discontinued.

In this case, 55 percent fear competitive disadvantages compared to companies from non-EU countries.

Data transfers to countries outside the EU are legally on shaky ground because the European Court of Justice has invalidated agreements on the transmission of data from Europe across the Atlantic in two decisions.

In June 2020, the ECJ overturned the "Privacy Shield" on the grounds that the level of data protection in the United States did not meet EU standards.

Above all, the judges criticized the far-reaching access possibilities of US secret services to data of Europeans.

In October 2015, the ECJ quashed the transatlantic data protection agreement “Safe Harbor” on a similar basis.