Berlin, 21 May 2023 - The European General Data Protection Regulation is hampering innovation in large parts of the German economy and is perceived as an obstacle to growth and prosperity in the digital world. 6 out of 10 companies (62 percent) are hesitant to use data because they are afraid of violating data protection rules. Almost as many (60 percent) have already stopped plans for innovations because data protection regulations or uncertainties have forced them to do so. One in five companies (22 percent) state that this has already happened frequently, 24 percent several times and 14 percent once so far. This was pointed out by the digital association Bitkom on the occasion of the upcoming fifth anniversary of the GDPR. The regulation has been in force since 25 May 2018. The figures are based on a representative survey of 602 companies with 20 or more employees from all sectors. "A single data protection law for the whole EU was and is a great project for citizens as well as for the EU as an economic area. However, after five years of the General Data Protection Regulation, it has to be said: The GDPR has not delivered on its promise to ensure uniform, understandable and practicable data protection rules across Europe. Instead, the independent interpretation of the rules by each national and regional supervisory authority leads to legal uncertainty. Many companies therefore refrain from developing new technologies and services - or relocate their projects abroad. This is demonstrated not least by bans on innovative technologies such as ChatGPT in individual EU member states, which are causing massive uncertainty," says Bitkom President Achim Berg.
58 percent of companies believe that Germany is giving away opportunities for growth and prosperity because data use is too often dispensed with. 63 percent say that strict rules stifle innovative data-driven business models in Germany or drive them out of the country. "Data protection is extremely important in our digital world. However, we are currently experiencing a paralysing fear of mistakes and a one-sided weighing up of data protection and the added value of data use," says Berg. This applies, for example, to cross-border cooperation projects and medical research, but also to the digitalisation of the healthcare system or administration. Small and medium-sized enterprises in particular are lacking practical support to implement innovative business ideas and grow in the data economy. "The existing scope of the GDPR is hardly used in Germany," says Berg. "We need to see data processing as an opportunity, not always just as a risk. If we continue for five years like we have been doing lately, we will weaken our innovation and competitiveness."
Bitkom specifically calls for greater standardisation of data protection supervision. Currently, there are 18 independent data protection supervisory authorities in Germany alone. In addition, data protection must be oriented more towards real risks than theoretical risks. This should also apply in particular to the current discussions on German employee data protection. In Bitkom's view, the supervisory authorities should also be obliged not only to issue bans or even blanket product warnings and impose fines, but also to provide support for data protection-compliant implementation.
The information is based on a survey conducted by Bitkom Research on behalf of the digital association Bitkom. 602 companies with 20 or more employees in Germany were surveyed by telephone. The survey is representative of the economy as a whole. The questions were: "To what extent are the following statements on the subject of data policy true or not true from your company's point of view?"; "Have you ever stopped plans to innovate in your company in connection with the use of data because of legal requirements or uncertainties?"