ePrivacy Regulation

However, only a quarter (25%) have fully implemented the GDPR. This is the result of a representative survey of more than 500 companies from Germany, which the digital association Bitkom presented at its Privacy Conference.

A further 24 percent have partially implemented the regulation, while six percent are still in the early stages.

"The General Data Protection Regulation hits small and medium-sized companies particularly hard"

says Susanne Dehmel, member of the Bitkom management board.

"There are still major uncertainties regarding the interpretation of the new rules. Full implementation of the GDPR seems impossible for many companies."

Legal uncertainty and implementation costs that are difficult to estimate are the biggest challenges for two thirds of companies (68 percent).

More than half (53 percent) complain about a lack of implementation aids, while a good third (37 percent) see a lack of specialist staff as the biggest challenge.

No brake pad

"We need to further develop data protection rules in such a way that the protection of privacy and the development of innovative data-driven business models can be reconciled. Data protection should not be an annoying brake pad, but a guardrail with an orientation function for data-based services"

says Dehmel.

Almost all companies (98%) are calling for improvements to the GDPR. At the same time, almost as many (95%) are of the opinion that the GDPR is practically impossible to implement in full.

Three quarters (74%) state that their customers are annoyed by additional information sheets and notices. Three out of ten respondents (29%) believe that the GDPR is preventing innovation within the EU.

And one in six companies (16%) even say: The GDPR is a threat to our business. More than half (57%) believe that the GDPR will lead to more uniform competitive conditions in the EU. And a quarter (25%) see advantages for their own company in the General Data Protection Regulation.

"The EU Commission will closely examine the GDPR next year. It should provide relief for SMEs and also facilitate the use of data in the research environment.

In the innovation environment and especially for key technologies such as artificial intelligence, the framework conditions must keep pace with developments.

We need the necessary momentum here to harmonize data protection and data processing, risk assessments and economic and social potential"

says Dehmel.

In addition, companies are facing data protection challenges as a result of the upcoming Brexit. More than half (53%) have their personal data processed by external service providers abroad.

Of these, eleven percent have this done in the UK. As a result, the vast majority (84%) of those who currently have their personal data processed in the UK no longer want to do so after Brexit. Dehmel:

"After Brexit, personal data can no longer be transferred to the UK without further ado. Without a Brexit deal, many affected companies will have to adapt and redesign their processes immediately. This could have a direct impact on business success and severely affect the German economy as a whole."

In order to continue to guarantee the free movement of data, Bitkom believes that the EU would have to adopt a so-called adequacy decision. In the event of a no-deal scenario, however, such a decision would not be available in time.

Finally, Susanne Dehmel:

"The EU must learn from the experience of the GDPR. An unclear and overly broad regulation provokes legal uncertainty and problems with implementation. As things stand, the ePrivacy Regulation is jeopardizing the innovative strength and competitiveness of European companies."