Since the implementation of the General Data Protection Regulation, companies have had to increasingly deal with new data protection rules. Often there is a lack of suitable staff. For example, almost every third company in Germany (31 percent) currently has only one full-time position planned for employees who mainly deal with data protection. This is the result of a representative company survey commissioned by the digital association Bitkom. Six out of ten companies (59 percent) have less than one full-time position available for this purpose. "With the General Data Protection Regulation, the effort for many companies has increased enormously," says Susanne Dehmel, member of Bitkom's management board for legal affairs and security. "Anyone who was able to find qualified employees has hired them. However, there is a shortage of data protection specialists throughout Germany".
Only a few companies rely on more than one full-time position for data protection topics. 4 percent have planned for up to two full-time equivalents, only 1 percent to three full-time equivalents. Large companies in particular employ several data protection experts. Every third company with 500 employees or more (35 percent) has planned up to four jobs for this purpose, every fourth (28 percent) has planned four or more full-time jobs. "Those who do not have the expertise in-house must resort to external consulting," says Dehmel. For many law firms and legal advisors with data protection know-how, the past year was therefore very intensive. To this day, many are still busy adapting their business processes to the GDPR requirements.
EU decides on regulations on e-privacy and e-evidence
Further important decisions on new data protection rules are planned for the current year. For example, the e-privacy regulation is to be approved in the coming months. In the area of electronic communications, it is intended to supplement the GDPR and is currently being negotiated at EU level. Bitkom criticises the planned regulation. "With the current draft, the e-privacy regulation endangers software updates and restricts advertising-based business models on the Internet."
In addition, the EU is currently negotiating the so-called E-Evidence Regulation. The aim is to simplify access to electronic evidences by law enforcement authorities. Law enforcement authorities in one member state could require providers to provide electronic evidence at short notice, even if they are based in another member state. Here, too, Bitkom sees a need for improvement. "Private providers should not carry out fundamental rights checks without the involvement of national authorities," Dehmel said.
Methodological note: The information is based on a survey conducted by Bitkom Research on behalf of Bitkom. 502 persons responsible for data protection (company data protection officers, managing directors, IT managers) from companies in all sectors with 20 or more employees in Germany were interviewed by telephone. The survey is representative.