Berlin, 27th September 2018 - Four months have passed since implementation deadline for the EU’s basic regulation on data protection. Only one quarter of companies (24%) have fully, 40% mostly, and 30% partially implemented the rules. Five percent of companies have only started to initiate the process. These are the results of a survey with more than 500 companies in Germany as presented by Bitkom during its annual privacy conference. “The results are clear: A lot of companies underestimated the implementation. For some, it’s not a problem of timing but rather an ideal, which cannot be achieved”, says Susanne Dehmel, managing director at Germany’s digital association.
The majority of companies complain about manifold additional requirements, while taking care of their usual business (8 out of 10 companies). Of these companies, 45% state that it caused a significantly higher work load. Both numbers have increased in comparison to the last survey from May 2018. Particularly, the obligation on documentation and information are a source for discontent. Moreover, educating the work force on relevant data protection rules is difficult: „For companies the GDPR is a big challenge in the long run”, says Dehmel.
Companies demand improvements
96 per cent of companies ask for corrections to the new rules. Six out of ten companies even demand a simplification of the GDPR. 90 per cent of those asking for an improvement of the status quo see a reduced burden for smaller businesses as the most important objective of a simplified GDPR (90 per cent). 83 per cent ask to remodel the information duties of the GDPR in a more practicable way. Around one third (37 per cent) would like to ease the requirement on establishing a data protection officer.
Generally, opinion on the GDPR has deteriorated significantly within the past year. Almost two thirds of companies (63 per cent) currently say that the GDPR complicates their business processes; in September 2017 only 42 per cent said so. Only 30 per cent still believe that the GDPR is advantageous for their business, a year ago this figure stood at 39 per cent. However, 62 per cent also believe that the new rules will lead to more uniform conditions for competition in the EU, 46 per cent believe the GDPR is a competitive advantage for European companies.
Most companies are aware of ePrivacy
86 per cent of companies have heard about the ePrivacy regulation, and 75 per cent of companies have already looked into its potential implications. But while 79 per cent believe it could lead to fairer conditions for competition between communications service providers, four out of ten also think it might negatively affect the market for online advertisement in Europe. Bitkom Managing Director Susanne Dehmel: „The current draft of the ePrivacy regulation endangers new business models in fields like the Internet of Things and AI with its numerous special provisions. Software updates and advertisement-based websites could also be negatively affected by the regulation.”
Bitkom has released two guides on the topic (in German):
“Machine Learning and the transparency requirements of the GDPR”
analyses machine learning processes and their compatibility with transparency requirements of the GDPR also with regard to the legal basis on which machine learning can function from a data protection perspective. The guide
„ePrivacy and Digital Analytics & Optimisation“
assesses the consequences of the GDPR and the ePrivacy regulation on analytics in online advertisement and marketing.
