Only three weeks left - then all companies must have implemented the requirements of the EU Data Protection Basic Regulation (DS-GMO). However, like many large and medium-sized companies, most startups are still a long way away, as a recent survey conducted by Bitkom Research on behalf of the Bitkom digital association shows among more than 300 startups.
General Data Protection Regulationpresents many startups with problems
Only three weeks left - then all companies must have implemented the requirements of the General Data Protection Regulation (GDPR). However, like many large and medium-sized companies, most startups are still a long way away, as a recent survey conducted by Bitkom Research on behalf of the Bitkom digital association shows among more than 300 startups.
Accordingly, every eleventh (9 percent) states that they have already completed the implementation. Another 41 percent have at least already started or implemented the first measures. In one in three startups (32 percent), however, the company is only just beginning to deal with the topic without having initiated any measures. And around one in seven (15 percent) still has a lot of catching up to do: 11 percent have heard of the General Data Protection Regulation , but have not yet done anything, 3 percent know nothing at all about the new rules and 1 percent have been informed, but have deliberately decided not to deal with it any further.
"It is gratifying that the new data protection rules are an issue for the vast majority of all startups. However, many will not be able to fully meet the targets by the cut-off date, not least because the young companies often have few employees and few resources available," said Bitkom President Achim Berg. "In any case, it is important to push ahead with implementation consistently and not to postpone it any longer. It is always better to be able to show that we are in the middle of implementation than to face a supervisory authority empty-handed. At the same time, the authorities should take a prudent approach so that innovative business models are also possible with the new data protection and so that life in this country is not unnecessarily difficult for founders".
From 25 May 2018, companies that fail to comply with the requirements of the GDPR after a two-year implementation period face a fine of up to 4 percent of annual global sales. Many companies first have to create a processing directory for personal data, which they should have already had according to the old legal situation. They must also adapt product development processes to comply with the new principle of privacy by design. In addition, they must take into account additional information obligations towards customers.
To get started with the GDPR, Bitkom has published "Questions and Answers" (FAQ), which provide an initial overview of the changes to the current legal situation. In addition, Bitkom has prepared four practical guidelines on how various obligations arising from the ordinance can be implemented in the company: "Data transmission in third countries", "Processing directory", "Risk assessment and data protection impact assessment" and the "Model contract annex for order processing". All information can be downloaded free of charge from the Bitkom website.
Methodological note: The data are based on a survey conducted by Bitkom Research on behalf of Bitkom. 302 IT and Internet start-ups in Germany were surveyed. The questions were "How far have you got in implementing the General Data Protection Regulation at the present time?"