Companies in Germany find themselves heavily burdened by the European General Data Protection Regulation (GDPR), even six years after it came into force. In a representative survey by the digital association Bitkom, more than nine out of ten companies (94 percent) complained about the high cost of data protection. Around two thirds (63 percent) of the companies surveyed said that the effort for data protection had increased in the past year, while in 36 percent the effort remained the same – and had not decreased anywhere.
Z+ (subscription content); iPhone 16: The EU depends on itself
Z+ (subscription content); Apple Intelligence: Apple’s AI functions should appear in German in 2025
Z+ (subscription content); EU data protection laws: Meta faces fine for data protection violation
For the Bitkom study, 605 companies with 20 or more employees in Germany were surveyed by telephone between July and September 2024.
In the survey, 70 percent of companies stated that they see digitalization as being inhibited by data protection. Companies’ dissatisfaction with the GDPR is also due to the fact that data protection officers in Germany and the states of the European Union interpret the rules quite differently. 76 percent of companies complain about legal uncertainty regarding the GDPR, 61 percent criticize the high requirements and 56 percent criticize the inconsistent interpretation. 80 percent of companies want reforms in data protection supervision, 67 percent even want centralization.
“We are overdoing data protection”
Susanne Dehmel, member of the Bitkom management, explained that the protection of personal data is an integral part of the value system in Germany. However, the implementation and interpretation must be adjusted so that data protection remains practical. “We are exaggerating data protection in Germany.”
The industry association Bitkom sees new challenges in the area of artificial intelligence (AI). In the survey, 52 percent of the companies surveyed said that data protection requirements would hinder the use of AI.
Dehmel emphasized that artificial intelligence could make a contribution to solving current social challenges. “We must design data protection in such a way that it protects personal data from unauthorized access by AI models, but at the same time promotes the development and use of AI in Germany and Europe.” Artificial intelligence needs understandable and manageable rules. The mistakes made in the General Data Protection Regulation in recent years are unlikely to be repeated in the European Union’s current digital laws, the AI Act and the Data Act.
Companies in Germany find themselves heavily burdened by the European General Data Protection Regulation (GDPR), even six years after it came into force. In a representative survey by the digital association Bitkom, more than nine out of ten companies (94 percent) complained about the high cost of data protection. Around two thirds (63 percent) of the companies surveyed said that the effort for data protection had increased in the past year, while in 36 percent the effort remained the same – and had not decreased anywhere.