NEWS

Only one in two companies in Germany has so far looked for help from external experts in implementing the EU General Data Protection Regulation (GDPR). Only 48 percent of all companies with 20 or more employees claim to have called in specialists outside their own company. This is the result of a representative survey of more than 500 companies commissioned by the digital association Bitkom.

GDPR: only one in two companies gets help

Only one in two companies in Germany has so far looked for help from external experts in implementing the EU General Data Protection Regulation (GDPR). Only 48 percent of all companies with 20 or more employees claim to have called in specialists outside their own company. This is the result of a representative survey of more than 500 companies commissioned by the digital association Bitkom.

The most frequently called in external assistance came from lawyers, who were consulted by around one in three companies (35 percent) with regard to GDPR implementation. External consultants or auditors consulted 29 percent of all companies, and external data protection specialists were called in for help in one in five companies (21 percent).

"Only around one in eight companies will, in its own estimation, have fully implemented the provisions of the GDPR by the reporting date. In view of this small proportion and the amount of the possible fines, the rather low use of external help for implementation is rather surprising," says Bitkom´s Susanne Dehmel, member of Bitkom's management board for law and security. "Practically all companies are affected by the EU requirements, as they apply to all companies that process personal data. For companies that haven't done anything yet, time is running out."

In exactly six months, companies must have implemented the requirements of the GDPR - otherwise they face fines, possibly in the millions. On 25 May 2018 the two-year transition period that was granted to the companies for implementation ends. From this date, the supervisory authorities can impose fines of up to 4 percent of the company's worldwide turnover in the event of infringements.

So far, only one in four companies (25 percent) has employed additional personnel in the company to advance the implementation of the GDPR. However, only 5 percent of the companies have hired additional personnel, 20 percent say they are using existing personnel for GDPR implementation through restructuring. Dehmel: "The basic GDPR should have a high priority in all companies - or be given such priority as soon as possible. "It can be expensive to bury your head in the sand and wait.”

Bitkom has published a FAQs-Paper on the GDPR, which provide an initial overview of the changes to the current legal situation. In addition, Bitkom has prepared four practical guidelines on how various obligations arising from the GDPR can be implemented in the company: "Data transmission in third countries", "Processing directory", "Risk assessment and data protection impact assessment" and the "Model contract annex for order processing". All information is available for free download.

Furthermore, Bitkom Consult experts offer support for companies in adapting their existing processes to the GDPR. Tobias Göldner, Data Protection Officer of Bitkom e.V. advises start-ups, medium-sized businesses and global players on data protection law and shows companies how to avoid fines in the Bitkom video tip.

 

Methodological note: The data are based on a survey conducted by Bitkom Research on behalf of Bitkom. 507 persons responsible for data protection (data protection officers, managing directors, IT managers) from companies in all industries with 20 or more employees in Germany were surveyed. The survey is representative. The questions were "Have you used external expertise for the implementation of the GDPR in your company, or do you plan to do so," and "Have you deployed additional personnel for the implementation of the GDPR in your company, or do you plan to do so?

Teilen