The General Data Protection Regulation has been in force within the EU for more than six years. The different interpretations in the federal states pose challenges for the German economy.
Companies in Germany find themselves heavily burdened by the European General Data Protection Regulation (GDPR), even six years after it came into force. In a representative survey by the digital association Bitkom, more than nine out of ten companies (94 percent) complained about the high cost of data protection. Around two thirds (63 percent) of the companies surveyed said that the effort for data protection had increased in the past year, while in 36 percent the effort remained the same – and had not decreased anywhere.
Data protection guidelines hinder digitalization
For the Bitkom study, 605 companies with 20 or more employees in Germany were surveyed by telephone between July and September 2024. In the survey, 70 percent of companies stated that they see digitalization as being inhibited by data protection. Companies' dissatisfaction with the GDPR is also due to the fact that data protection officers in Germany and the states of the European Union interpret the rules quite differently.
76 percent of companies complain about legal uncertainty regarding the GDPR, 61 percent criticize the high requirements and 56 percent criticize the inconsistent interpretation. 80 percent of companies want reforms in data protection supervision, 67 percent even want centralization.
Bitkom line: Errors must not be repeated
Susanne Dehmel, member of the Bitkom management, explained that the protection of personal data is an integral part of the value system in Germany. However, the implementation and interpretation must be adjusted so that data protection remains practical. “We are exaggerating data protection in Germany.” The industry association Bitkom sees new challenges in the area of artificial intelligence (AI). In the survey, 52 percent of the companies surveyed said that data protection requirements would hinder the use of AI.
Dehmel emphasized that artificial intelligence can make a contribution to solving current societal challenges: “We must design data protection in such a way that it protects personal data from unauthorized access by AI models, but at the same time promotes the development and use of AI in Germany and Europe. “Artificial intelligence needs understandable and manageable rules. The mistakes of the General Data Protection Regulation from previous years should not be repeated in the current digital laws of the European Union, the “AI Act” and the “Data Act”.
Even before the introduction of the GDPR, warnings about a “bureaucratic monster”
Even before the introduction of the GDPR, FOCUS online expert Joachim Haedke warned of the problems associated with the regulation. The implementation of the GDPR will cause enormous bureaucratic effort and uncertainty for companies, predicted the corporate finance expert. Companies have to make extensive adjustments, such as hiring a data protection officer and documenting their data processing processes. These measures result in significant costs and could lead to legal disputes.
Entrepreneurs would fear massive additional costs and lengthy dunning procedures. Haedke cites a survey according to which four out of five medium-sized companies expect significant additional monthly costs. Even if he fundamentally supports the goal of improved data protection, the EU has created a “bureaucratic monster”.
