In May 2018, the European General Data Protection Regulation (GDPR) came into force. The GDPR is designed to ensure better protection of sensitive customer and workplace data. Infringements of the GDPR can be expensive.
It seems, however, that the hope that better data protection will also lead to more trust among customers and thus to a competitive advantage for EU companies is not being fulfilled. According to a survey conducted by the ZEW (Leibniz-Zentrum für Europäische Wirtschaftsforschung GmbH Mannheim), only around 12 percent of the survey participants expect an increase in confidence in German companies in the information sector. A potential competitive advantage in the international market is considered to be even lower. Only three percent of the survey participants expect a positive influence on their own business development.
ZEW Survey Involving 600 Companies
In March 2020, the ZEW Mannheim conducted a survey on the GDPR in around 600 companies of the German information economy. The result: The General Data Protection Regulation has not been convincing so far. On the contrary. The negative aspects of the GDPR predominate for almost half of the survey participants. Only approximately five percent stressed the advantages. One of the main points of criticism of the GDPR is that it complicates processes, leads to increased workloads and thus becomes a cost-pusher.
The results of the survey differ by sub-sector: In the case of companies in the information and communications technology (ICT) sector, the pros and cons of the GDPR balance each other at about 60%, or the positive aspects even slightly prevail. However, according to the ZEW, this opinion is shared by less than 50 percent of the survey participants among media and knowledge-intensive service providers.
GDPR Makes Processes More Complicated
According to the ZEW, for around 60 percent of the companies surveyed, the introduction of the GDPR has made business processes more complicated. The following points were criticized by the survey participants:
- Implementation of extensive changes in information obligations and data subject rights
- Implementation of new concepts such as Privacy-by-Design and Privacy-by-Default
This had led to an increased workload for more than two thirds of the companies.
In addition, additional costs were incurred due to staff training and an increased need for external consulting services, stated more than half of the companies. 17 percent of the companies in the survey stated that they saw the GDPR as a threat to their own business activities, for example because it would slow down innovation and make the use of new technologies more difficult.
Not Everything Is Bad
Not everything is bad, after all. 36 percent of the companies reported to have reviewed and optimized their processes as a result of the GDPR. 29 percent of the companies have standardized their data processing.
However, only around 20 percent of the companies believe that the GDPR will provide more legal certainty.