NEWS

New data protection regulations pose major challenges for companies this year. Many of them often lack sufficiently qualified personnel for implementation of the new rules. More than every second company (56 percent) in Germany has less than one full-time position planned for employees who mainly deal with data protection issues. This is the result of a representative company survey commissioned by the digital association Bitkom.

GDPR: Companies lack data protection specialists

New data protection regulations pose major challenges for companies this year. Many of them often lack sufficiently qualified personnel for implementation of the new rules. More than every second company (56 percent) in Germany has less than one full-time position planned for employees who mainly deal with data protection issues. This is the result of a representative company survey commissioned by the digital association Bitkom.

The General Data Protection Regulation, which will have to be applied throughout the EU from 25 May 2018 on will result in many new obligations for companies. "The amount of work involved in implementing the GDPR is enormous, while at the same time companies are desperately looking for suitable specialists," says Susanne Dehmel, member of Bitkom's management board for law and security. One in four companies (27 percent) invests in exactly one full-time position for data protection matters. 14 percent of companies have more than one full-time position for employees who are mainly concerned with data protection.

From 25 May 2018 on, the GDPR will apply in the EU. After a two-year implementation period, all companies will then have to comply with the new rules (the regulation entered into force in 2016). For many companies, the focus is on creating records of processing activities for personal data. They must also adapt product development processes to comply with the new principle of privacy by design. In addition, they must take into account additional information obligations towards customers.

The EU is expected to decide on the so-called E-Privacy Regulation in the second half of 2018. The aim of the E-Privacy Regulation is, on the one hand, to protect the confidentiality of communications. On the other hand, the e-privacy regulation formulates additional data protection regulations that go beyond the GDPR, especially in the area of processing and storage functions in end devices such as PCs, tablets or smartphones. Bitkom criticises the current draft law of the EU Commission on the E-Privacy Regulation. "Future innovations are threatened by the E-Privacy Regulation," says Dehmel. In this way, the balance already struck between the protection of privacy on the one hand and new technologies on the other would be broken again. "What the GDPR allows, the E-Privacy Regulation should not turn back." To date, the E-Privacy Regulation imposes an even stricter form of consent than the GDPR or even completely prohibits data processing permitted under the GDPR in several areas. In addition, the Commission's proposal would also cover transactions which do not provide for the processing of personal data.

To find a way through the new rules of the GDPR, Bitkom has published an FAQ-Paper, which provides an initial overview of the changes to the current legal situation. In addition, Bitkom has prepared four practical guidelines on how various obligations arising from the GDPR can be implemented in the company: "Data transmission in third countries", "Processing directory", "Risk assessment and data protection impact assessment" and the "Model contract annex for processing on behalf of the controller". All information can be downloaded free of charge from the Bitkom website.

 

Methodological note: The data are based on a survey conducted by Bitkom Research on behalf of Bitkom. 507 persons responsible for data protection (data protection officers, managing directors, IT managers) from companies in all industries with 20 or more employees in Germany were surveyed. The survey is representative. The question was: "How many employees in your company are mainly concerned with data protection?"

Teilen