Since the entry into force of the Basic Data Protection Regulation, companies have had to increasingly deal with new rules in data protection. Often there is a lack of suitable personnel. For example, almost every third company in Germany (31 percent) has currently only planned one full-time position for employees who mainly deal with data protection. This is the result of a representative company survey commissioned by the digital association Bitkom.
Privacy experts are the exceptions in companies
- Only every third company has planned a full-time position for data protection
- 28 January 2019 is European Data Protection Day
- 2019 will be an important year for data protection
Since the entry into force of the Basic Data Protection Regulation, companies have had to increasingly deal with new rules in data protection. Often there is a lack of suitable personnel. For example, almost every third company in Germany (31 percent) has currently only planned one full-time position for employees who mainly deal with data protection. This is the result of a representative company survey commissioned by the digital association Bitkom. Six out of ten companies (59 percent) have less than one full-time position available for this purpose. "With the basic data protection regulation, the effort for many companies has increased enormously," says Susanne Dehmel, member of Bitkom's management board for legal affairs and security. "Anyone who was able to find qualified personnel has hired them. However, there is a shortage of data protection specialists throughout Germany".
Only a few companies rely on more than one full-time position for data protection topics. 4 percent have planned for up to two full-time equivalents, only 1 percent to three full-time equivalents. Large companies in particular employ several data protection experts. Every third company with 500 employees or more (35 percent) has planned up to four jobs for this purpose, every fourth (28 percent) has planned four or more full-time jobs. "Those who do not have the expertise in-house must resort to external consulting," says Dehmel. For many law firms and legal advisors with data protection know-how, the past year was therefore very labour-intensive. To this day, many are still busy adapting their business processes to the DS-GVO requirements.
EU decides on regulations on e-privacy and eevidence
Further important decisions on new data protection rules are planned for the current year. For example, the e-privacy regulation is to be adopted in the coming months. In the area of electronic communications, it is intended to supplement the DS-GVO and is currently being negotiated at EU level. Bitkom criticises the planned regulation. "With the current draft, the e-privacy regulation endangers software updates and restricts advertising-based business models on the Internet.
In addition, the EU is currently negotiating the so-called E-Evidence Regulation. The aim is to make it easier for law enforcement authorities to access electronic evidence. Law enforcement authorities in one member state could require providers to provide electronic evidence at short notice, even if they are based in another member state. Here, too, Bitkom sees a need for improvement. "Private providers should not carry out fundamental rights checks without the involvement of national authorities," Dehmel said.
Methodological note: The information is based on a survey conducted by Bitkom Research on behalf of Bitkom. 502 persons responsible for data protection (company data protection officers, managing directors, IT managers) from companies in all sectors with 20 or more employees in Germany were interviewed by telephone. The survey is representative.